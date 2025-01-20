If you're deep into your home lab journey with several self-hosted apps, you know that remembering all the URLs to access each service's management pages soon becomes a nightmare. Plus, if anything changes in the configuration of your home network, you have to go in and change everything manually. Instead, you can set up a reverse proxy to direct traffic to your self-hosted apps so they're all reachable from the same external URL.

Basically, the reverse proxy is another server on your home network that sits between the internet-at-large and your self-hosted apps and other servers. That makes it another layer of security, as incoming client requests only know about the server the reverse proxy is installed on. It also makes administration easier because once you've set up your internal networking rules, the only place you need to change them is on your custom DNS server.

You might think a reverse proxy is tricky to set up, but modern services do most of the work for you. I'll discuss one method, using a Synology NAS, and explain how the process works in more general terms if you want to use a different reverse proxy server.

What you'll need

We're using a Synology NAS here, but the process is similar for all reverse proxies

You don't need many things to get a reverse proxy running on your Synology NAS for your self-hosted apps. We do need a list of services we're going to put behind the reverse proxy, and a Synology NAS that's running the latest version of DSM.

Also, we'll need:

An SSL certificate (this is for security purposes, and you can get your own inside DSM for free from Let's Encrypt)

A domain name (eg: yourdomainname.com) so you can have subdomains for each webapp you want to use with the reverse proxy

so you can have subdomains for each webapp you want to use with the reverse proxy Port 443 is forwarded from your router to your NAS local IP address

The IP address and port number for each self-hosted app

Setting up a reverse proxy on a Synology NAS

Let's get our Docker containers all in a row

Currently, the only self-hosted service I have running on my Synology is Home Assistant. That's partly because it's awesome, and I wanted a way to control my smart home from one dashboard, but it's the only service because I had a mishap not long ago and had to redo my entire NAS setup. Painful lessons were learned, and I've started afresh with new security and backup policies and two-drive redundancy in my RAID array.

Normally, I connect to HA using its local IP address and port combination, but that's annoying for several reasons. First, my Synology IP address might change depending on how I set up my home lab, and I hate having to remember strings of IP addresses and port numbers. I also don't like the idea of exposing so many ports to the wider internet.

So, let's get started by getting DDNS set up so we have a domain name to point at and a wildcard SSL certification so we can use subdomains.

We want the wildcard SSL certificate for security, but also because it will cover any subdomains we use. Our web apps will be set up in the form of yourwebappname1.domainname.com, yourwebappname2.domainname.com, etc.

First, we're going to set up DDNS and our SSL certificate: