I have finally decided to expose some of my internal services to the outside world and thus need some security in place. I have decided to set up NGINX as a proxy and web host. I initially looked at Caddy, but found the installation and configuration more than what I was able to do in my spare time. NGINX allowed me to manage the installation and configuration with small steps.
First, I built an LXC and installed NGINX and ddclient to manage keeping my CloudFlare domain names mapped to the dynamic IP address provided by my ISP. I installed Debian and used apt to install NGINX and ddclient. I created and installed an SSL certificate from CloudFlare to allow secure communication. Lastly, I added a simple test web site and confirmed that I could access it externally.
I then installed VDO.Ninja as a local website and set up a proxy through to an instance of LeanTime that I have been using to track my internal projects. I added a couple of domain names and confirmed that they resolved correctly through the proxy. I do have additional services that I will expose in the future, but this is enough for now.
As an aside, VDO.Ninja is going to be something I plan on using to help with production of the Cloud Talk Show going forward. It allows peer to peer connections for video streams that can be included in OBS Studio as sources. We have been using MS Teams to coordinate and record the shows and OBS to capture our program locally. We then have a producer mixing the different streams into a program that is uploaded to YouTube and published. The main issues are that MS Teams compresses video streams and greatly reduces the fidelity of the stream and the labor involved in mixing or producing the program.
I have built a Windows 11 VM with OBS installed on it to manage streams. As mentioned above, I am going to eventually expose the OBS WebSocket interface for the producer to interact with directly.
