Hi,
I want to make some of my services (like Nextcloud, Immich, Komga, Jellyfin and FreshRSS for example) on my home server easier accessible from remote. For that I want to use a VPS where I install Nginx and Wireguard on it and establish a VPN connection between it and my homeserver. So far so good.
My first question: For the services that I don’t want to expose for remote access over that setup, can I just keep my Nginx instance that I have running now for these services. For example my budgeting service is available under finance.example.com as long as I’m in the same network as my home server right now. Would that still be possible when I have 2 Nginx instances running (one on the VPS and one on the home server directly) or would I need to configure it differently for that to work?
My second question:
Do I need to install Fail2Ban on my VPS or can I also install it on my homeserver?
I agree with the other folks recommending Pangolin on a VPS for this. It’s great. It combines a reverse proxy and a wireguard tunnel together for you. You don’t have to open any ports on your home network, and Pangolin allows you to set access levels for each individual service.
So you can have some fully open for those who aren’t going to mess with VPNs and tunneling, and you can put other things behind Pangolin auth to add additional protection.