By Aleksander Johansen in homelab

Goodbye Port Numbers! My Homelab's Reverse Proxy Revelation

Tired of remembering `192.168.1.100:8080`? I was too! Join me on my journey to setting up a reverse proxy and reclaiming my homelab sanity with clean, memorable URLs and SSL for everything.

Goodbye Port Numbers! My Homelab's Reverse Proxy Revelation

The Port Number Predicament

Hey fellow homelab enthusiasts! If you're anything like me, your journey into self-hosting probably started with a handful of services, each dutifully running on its own unique port. I remember it vividly: 192.168.1.10:8123 for Home Assistant, 192.168.1.10:3000 for Grafana, 192.168.1.10:9000 for Portainer... the list went on. My browser bookmarks looked like a cryptic message, and heaven forbid I try to access something from a new device without consulting my personal 'port bible'. It was functional, yes, but it was far from elegant, and honestly, a bit of a pain.

Enter the Reverse Proxy: A Game Changer

I knew there had to be a better way. That's when I stumbled upon the concept of a reverse proxy. For those new to the term, think of it as a sophisticated doorman for all your web services. Instead of you remembering different apartment numbers (ports) to reach different residents (services) in the same building (server IP), you simply tell the doorman the resident's name (a subdomain like homeassistant.mylabl.com), and he directs you to the correct apartment. All traffic comes to one main entrance (typically port 80 for HTTP and 443 for HTTPS), and the reverse proxy intelligently routes it to the correct internal service.

The idea immediately clicked. No more port numbers! Clean, memorable URLs! And the best part? The ability to easily add SSL/TLS encryption (HTTPS) to all my services, even those that didn't natively support it, or made it difficult to set up.

My Chosen Weapon: Nginx Proxy Manager

I explored a few options: raw Nginx configuration, Traefik, Caddy. While each has its merits, for my homelab setup and my desire for a relatively quick and easy graphical interface, I settled on Nginx Proxy Manager (NPM). It runs beautifully in Docker, and its web UI makes managing proxy hosts and SSL certificates a breeze.

The Setup Journey: Smoother Than Expected

My setup process went something like this:

Docker Deployment: I spun up NPM using a simple Docker Compose file. It was up and running in minutes.  DNS Configuration: This was crucial. I use Pi-hole as my internal DNS server, so I added custom DNS records (A records) for each subdomain I wanted to use (e.g., homeassistant.mylabl.com, grafana.mylabl.com) all pointing to the internal IP address of my server running NPM. If you don't have an internal DNS server, you could modify your client device's hosts file for testing, or use a public DNS provider if you plan to expose services externally.  Creating Proxy Hosts: Inside NPM's web UI, creating a new proxy host was incredibly intuitive. I simply entered my desired domain (e.g., homeassistant.mylabl.com), the internal IP address of my Home Assistant container, and its internal port (8123).  SSL with Let's Encrypt: This was the true magic! NPM has built-in integration with Let's Encrypt. With a few clicks, I could request and automatically renew SSL certificates for all my subdomains. Suddenly, all my internal services were accessible via HTTPS, complete with a green padlock, making everything feel much more professional and secure.

Challenges and Learning Moments

• DNS is King: Seriously, getting your DNS right is paramount. Initially, I struggled because my devices couldn't resolve homeassistant.mylabl.com. Once I properly configured Pi-hole to resolve these internal hostnames to my NPM server's IP, everything clicked into place.

• Internal vs. External: While I primarily wanted this for internal access, I did experiment with exposing a service or two externally. This involved port forwarding 80 and 443 on my router to my NPM server and updating my public DNS records. This highlighted the importance of robust firewall rules and understanding network topology.

• WebSockets and Specific Headers: Some services, like Home Assistant, heavily rely on WebSockets. NPM has an easy toggle for WebSocket support, which I quickly learned to enable for those specific services. Occasionally, a service might need a custom Nginx directive (e.g., for specific authentication headers), which NPM also allows you to add directly within the proxy host configuration.

• Certificate Renewal: While Let's Encrypt is automated, it's good practice to occasionally check the logs or NPM's dashboard to ensure certificates are renewing properly. I've had zero issues so far, which is a testament to NPM's reliability.

The Sweet Taste of Success

The transformation was incredible. Now, instead of remembering arcane port numbers, I simply type homeassistant.mylabl.com, grafana.mylabl.com, or portainer.mylabl.com. Everything is accessible via HTTPS, looks professional, and is much easier to manage. It's not just about convenience; it's about making your homelab more user-friendly and secure for everyone who uses it (which, in my case, is mostly just me, but still!).

If you're still stuck in the world of port numbers, I highly, highly recommend taking the plunge into setting up a reverse proxy. It's one of those foundational homelab projects that pays dividends in convenience, security, and overall sanity. Happy self-hosting!