One IP versus several services, how?

Hi
I would like to use several services like AdGuard, ownCloud, … on one DietPI.
My Asus router has a DDNS service and routes the domain:
sampledomain.asuscomm.com to my fixed IP.
I would like the above-mentioned domain to direct only MQTT or Node-Red type connections.
I understand that it needs other domains configured in some way to make http/s:// work on other ports.
I could use a no-ip service, or buy some domains (do you know of any cheap ones that can be bought for life?).
How do I bundle it all up so it works without a problem?
In no-ip, specify sampledomain.asuscomm.com:81 and have ownCloud listen on another port? What about https?

Many thanks,
BaGRoS

To set up HTTPS you can just use dietpi-letsencrypt when you already have a DDNS or another domain.
You could also forward other ports in your router for example for adguard, which uses 8083.
Or you use a reverse proxy (which can be difficult to set up) to “route” the request to a domain like sampledomain.asuscomm.com/adguard or sampledomain.asuscomm.com/owncloud instead of using domain:port.


Correct, as long as services are separated by ports, they can be reached via the same domain.

Ok, but I will use different domains for different tasks.
For example:
sampledomain.asuscomm.com:1883 MQTT
sampledomain.asuscomm.com:1883 Node-Red
sampledomain.asuscomm.com:443 https:// for AdGuard + ports 853, 784

I’ll use sampledomain.no-ip.biz for ownCloud for now. But how can I set up ownCloud to listen on ports 2080 and 2443? Or only 2443, for https only?
Can I forward the port and set no-ip for sampledomain.no-ip.biz → sampledomain.asuscomm.com:2443 ??

I don’t know how to set up ownCloud on DietPI.

These are all the same domain, just different ports.

Yes, this is ok

ownCloud I will put on a different domain, same IP.
The first domain is for tasks without a web server or with an internal web server like Node-Red.

sampledomain.no-ip.biz has to be for ownCloud.

Any specific reason for this? All your apps are running on a single host I guess?

If yes, you will have a challenge with port 443, because it’s already blocked by AGH (why??) and can’t be used for SSL on the ownCloud web server.

Better to think of a reverse proxy configuration.

Because port 443 on sampledomain.asuscomm.com is used by AdGuard, sampledomain.asuscomm.com/ownCloud does not open this page, it only shows me “404 page not found”
https:// sampledomain.asuscomm.com - AdGuard
http:// sampledomain.asuscomm.com - Welcome to nginx!
http:// sampledomain.asuscomm.com/owncloud - You are accessing the server from an untrusted domain.
https:// sampledomain.asuscomm.com/owncloud - 404 page not found

It doesn’t matter how many DDNS domains you have. They will all resolve to the very same external IP address. Therefore, you can’t use port 443 more than once. As it is blocked by AGH, it can’t be used by ownCloud to do HTTPS/SSL.

The only solution to reach AGH + ownCloud on port 443 would be to set up a reverse proxy. This would be the most elegant solution, as the proxy would handle all SSL certificates and you don’t need to configure each and every app to do HTTPS individually.


How can I configure a reverse proxy?

Which web server did you select?

image

But anyway, I will use a different domain for ownCloud, for sharing.

As stated above, it doesn’t matter how many domains you use. In the end a port can be used only once. To use it multiple times, a proxy is needed that can decide, depending on your domain, what to do. And Nginx is quite a good option to set up the proxy. However, you would need to remove port 443 on AGH + disable SSL, and create a cert for Nginx using dietpi-letsencrypt. Once this is working and ownCloud is reachable on HTTPS, you could create the proxy entry for AGH.

OK, I have access:
https:// sample.asuscomm.com/nexctcloud

There is information on the AGH wiki on how to set up AGH using a sub path: FAQ · AdguardTeam/AdGuardHome Wiki · GitHub

Basically, this is described as well on the AGH GitHub: How to set reverse proxy for AdGuardHome Dashboard with nginx correctly? · Issue #4266 · AdguardTeam/AdGuardHome · GitHub

  1. Create a config file:
nano /etc/nginx/sites-dietpi/dietpi-aghome.conf
  2. Add the following:
location /aghome/ {
	# AGH listens on plain HTTP on port 8083; the trailing slash strips the /aghome/ prefix
	proxy_pass http://127.0.0.1:8083/;
	# Rewrite redirects and cookie paths from AGH so they stay under /aghome/
	proxy_redirect / /aghome/;
	proxy_cookie_path / /aghome/;
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $scheme;
	proxy_set_header X-Forwarded-Protocol $scheme;
	#proxy_set_header X-Url-Scheme $scheme;
}
  3. Restart the service:
systemctl restart nginx.service
  4. AGH should be reachable on https://dietpi.example.com/aghome/ now

Thank you, yes, it’s available on /aghome/ :smile: :smile: :smile:
But how do I set up these ports:

And now I’ll hide this address for nextcloud.
Should it be enough to mask https:// sample.asuscomm.com/nexctcloud with https:// example.noip.biz ??

Many thanks,
BaGRoS

Honestly I don’t understand what you are trying to do on your screenshot.

Also, what do you mean by masking nextcloud?

For proper blocking, TikTok has to be set up with encrypted DNS-over-TLS because many programs can escape the block using TLS…

So on this screen I can use 8083 as the https port, I think.

By masking I mean not sharing my main domain, asuscomm.com/nextcloud, but for example
https:// myclous.noip.biz

What should be the goal of this? Are there clients/devices that should connect to AGH using DoT? Or should AGH connect to upstream DNS using DoT? Maybe try to describe in a little more detail what you are trying to achieve.

HTTPS port is 443.
8083 is the HTTP port of AGH. SSL is done by Nginx now and not by AGH anymore.

It would require a complete rework of the Nginx configuration if you would like Nginx to decide by domain what to do. You need to create VirtualHost entries per domain and block access by IP.
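
The per-domain layout described above, as an added example (not configuration from the thread or from DietPi). It assumes certbot-style certificate paths, nginx 1.19.4 or newer for `ssl_reject_handshake`, ownCloud answering plain HTTP on 127.0.0.1:2080, and that these blocks replace the stock default site; the domain names are the thread's samples.

```nginx
# Added example. Assumed, not from the thread: certificate paths, the
# ownCloud backend on 127.0.0.1:2080, nginx >= 1.19.4 (ssl_reject_handshake).

# Catch-all: requests by bare IP or with an unknown Host/SNI end here.
server {
    listen 80 default_server;
    listen 443 ssl default_server;
    server_name _;
    ssl_reject_handshake on;   # abort TLS without presenting any certificate
    return 444;                # plain HTTP: close the connection, no response
}

# Known names on port 80 are only redirected to HTTPS.
server {
    listen 80;
    server_name sampledomain.asuscomm.com sampledomain.no-ip.biz;
    return 301 https://$host$request_uri;
}

# First domain: AdGuard Home dashboard under /aghome/, nothing else.
server {
    listen 443 ssl;
    server_name sampledomain.asuscomm.com;
    ssl_certificate     /etc/letsencrypt/live/sampledomain.asuscomm.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/sampledomain.asuscomm.com/privkey.pem;
    location /aghome/ {
        proxy_pass http://127.0.0.1:8083/;
        proxy_redirect / /aghome/;
        proxy_cookie_path / /aghome/;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    location / { return 404; }  # do not expose other apps on this name
}

# Second domain: ownCloud only, so the first name is never shared.
server {
    listen 443 ssl;
    server_name sampledomain.no-ip.biz;
    ssl_certificate     /etc/letsencrypt/live/sampledomain.no-ip.biz/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/sampledomain.no-ip.biz/privkey.pem;
    location / {
        proxy_pass http://127.0.0.1:2080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Run `nginx -t` before restarting the service. ownCloud also needs sampledomain.no-ip.biz in the `trusted_domains` list of its config.php, otherwise it answers with the "untrusted domain" page quoted earlier in the thread.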

I’ll completely block tiktok.