I have been using no-ip for around two years to remotely access my hosted service, I mostly use their free service except for a few 5 months offers I bought.

Recently, I received a full year offer in email for 8$ (COUPON CODE: MAY8), and I was wondering whether to get that or buy a 2 years domain for the same price (FROM hostinger or namecheap).

I have never bought a doamain before and my knowledge is limited to what I mostly read here. So, per your opinion, what would be better in term of usability and security, a DDNS on the router and a port open per hosted-service? or a domain with reverse proxy?

  • RunningInRVA@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    5 months ago

    I opted for dynamic dns and reverse proxy. I configured my reverse proxy to use TLS and also to require client certificates, which I install on my devices. You get so much flexibility and added consistency to your application security that I feel it is a must.

    • mhz@lemm.eeOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      5 months ago

      Would you please share what dynamic dns provider you use? I remember trying to set nginx pm to use my no-ip hostname (xyz.ddns.net) but I could not figure out how to link my hosted-services as subdomains (say portainer.xyz.ddns.net)

      • RunningInRVA@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        5 months ago

        I’m using Dynu for DDNS. They support subdomains as part of their DNS. You can configure nginx to service/route requests to each subdomain differently.

      • klangcola@reddthat.com
        link
        fedilink
        English
        arrow-up
        1
        ·
        5 months ago

        Another option is subpaths: xyz.ddns.net/portainer

        Just one open port, to your reverse proxy (nginx or other).

        The client updating no-ip with your dynamic IP is independent of the reverse proxy software.

        • 486@kbin.social
          link
          fedilink
          arrow-up
          1
          ·
          5 months ago

          Another option is subpaths: xyz.ddns.net/portainer

          While you can do that, you should be aware of the security implications (every application can see and modify every other application’s cookies). If at all possible, I would try to avoid this setup.

          • rentar42@kbin.social
            link
            fedilink
            arrow-up
            1
            ·
            5 months ago

            I second that. This practice comes from a time where domain names were expensive, in many ways: SNI didn’t exist/wasn’t wide-spread, so each domain name on HTTPS needed a dedicated IP, Certificates weren’t democratized yet via letsencrypt/acme and most hosts were big enough to run multiple services, because virtualization wasn’t as widely available yet. So putting apps on sub-paths made sense.

            Now all of those things are basically dealt with and putting each app on its own sub-domain just makes way more sense.