One IP versus several services, how?

General Discussion
#4

Ok, but I will use different domains for different task.
For example:
sampledomain.asuscomm.com:1883 MQTT
sampledomain.asuscomm.com:1883 Node-Red
sampledomain.asuscomm.com:443 https:// for AdGuard + ports 853, 784

sampledomain.no-ip.biz I’ll for ownCloud for now. But how I can setup ownCloud for listening on port 2080 and 2443? Or only 2443 for https only?
I can forward port and set no-ip for sampledomain.no-ip.biz → sampledomain.asuscomm.com:2443 ??

image
image938×524 31.6 KB

I don’t know how setup ownCloud on DietPI.

#5

These are all the same domain, just different ports

#6

Yes, this is ok

ownCloud I will on different domain, same IP.
First domain is for task without web server or with internal web server like Node-red.

sampledomain.no-ip.biz

have to be for ownCloud.

#7

Any specific reason for this? All your apps are running on a single host I guess?

If yes, you will have a challenge with port 443. Because it’s already blocked by AGH (why??) and can’t be used for SSL on Onwcloud web server.

Better to think of a revers proxy configuration.

#8

Because on sampledomain.asuscomm.com port 443 is used by AdGuard, sampledomain.asuscomm.com/ownCloud do not open this page, only show me “404 page not found”
https:// sampledomain.asuscomm.com - AdGuard
http:// sampledomain.asuscomm.com - Welcome to nginx!
http:// sampledomain.asuscomm.com/owncloud - You are accessing the server from an untrusted domain.
https:// sampledomain.asuscomm.com/owncloud - 404 page not found

#9

It doesn’t matter how much DDNS domain you have. They all will resolve to the very same external IP address. Therefore, you can’t use port 443 more than once. As it is blocked by AGH, it can’t be used by OwnCloud to do HTTPS/SSL

The only solution to reach AGH + Ownlcoud on port 443, would be to setup a revers proxy. This would be the most elegant solution as the proxy would handl all SSL certificates and you don’t need to configure each and every app to do HTTPS individually.

1 Like
#10

How I can config a revers proxy?

#11

Which web server you selected?

#12

image

But anyway, I will use different domain for ownCloud, for sharing.

#13

as stated above, this doesn’t matter how much domains you will use. At the end a port can be used once. For using it multiple time, a proxy is needed who could decide, depending on your domain, what to do. And Nginx is quite a good option to setup the proxy. However, you would need to remove port 443 on AGH + disable SSL, create a cert for Nginx using dietpi-letsencrypt. Once this is working and Owncloud is reachable on HTTPS, you could create the proxy entry for AGH.

#14

OK, i have access:
https:// sample.asuscomm.com/nexctcloud

#15

There is an information on AGH wiki on how to setup AGH using a sub path FAQ · AdguardTeam/AdGuardHome Wiki · GitHub

Basically, this describe it as well on AGH GitHub How to set reverse proxy for AdGuardHome Dashboard with nginx correctly? · Issue #4266 · AdguardTeam/AdGuardHome · GitHub

  1. create a config file
nano /etc/nginx/sites-dietpi/dietpi-aghome.conf
  1. add following
location /aghome/ {
	proxy_pass http://127.0.01:8083/;
	proxy_redirect / /aghome/;
	proxy_cookie_path / /aghome/;
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $scheme;
	proxy_set_header X-Forwarded-Protocol $scheme;
	#proxy_set_header X-Url-Scheme $scheme;
}
  1. restart service
systemctl restart nginx.service
  1. AGH should be reachabe on https://dietpi.example.com/aghome/ now
2 Likes
Reverse proxy with subdomain
#16

Thank you, yes it’s available on /aghome/ :smile: :smile: :smile:
But how setup this ports:

image
image1205×684 30.1 KB

And now I’ll hide this address for nextcloud.
Should be enough to masked https:// sample.asuscomm.com/nexctcloud by https:// example.noip.biz
??

Many thanks,
BaGRoS

#17

Honestly I don’t understand what you are trying to do on your screenshot.

As well what do you mean by masking nextcloud?

#18

For proper blocking, tiktok have to be setup encryption DNS-over-TLS because, many softwares can escape from blockade using TLS…

So on this screen https port I can use 8083, I think so.

By masking i mean do not share my main domain, asuscomm.com/nextcloud but for example
https:// myclous.noip.biz

#19

what should be the goal of this? Are there clients/devices that should connect to AGH using DoT? Or should AGH connect to upstream DNS using DoT? Maybe try to describe the solution a little more on what you are trying to achieve.

HTTPS port is 443.
8083 is the HTTP port of AGH. SSL is done by Nginx now and not by AGH anymore.

It would require a complete rework on the Nginx configuration, if you like Nginx to decide by domain what to do. You need to create VirtualHost entries per domain and block access by IP.

#20

I’ll completely block tiktok.

#21

But this is just a setting how AGH is going to resolve DNS request towards upstream DNS server. This has nothing to do on how clients will resolve DNS request towards AGH. Just activating DoT inside AGH will not have any effect on how clients are going to resolve their DNS request. And I doubt it will block anything. Blocking is done based on Ad block list you are going to add into AGH.

#22

Yes I know

image
image747×515 25.5 KB

image
image761×345 15.8 KB

should be like on attached pictures?

#23

I guess you are trying to block DoT access for your clients right? But I don’t know if this is working like shown on the screen prints as I’m not familiar with your router model. As well, ensure you have activated DoT server inside AGH.