https://lemmy.world/comment/10089750
This is how I did it.
You need a wildcard cert for ypur subdoman:
*.legal.example.com
Then point that record to 127.0.0.0. This will not resolve for anyone. But you’ll have an internal dns enty (useig pihole/adguard/unbound) that redirects to your reverse proxy.
You could also point to your revers proxy internal address instead of 127.0.0.0.
This video could help you: https://www.youtube.com/watch?v=qlcVx-k-02E
I switched a year ago to podman and had some trouble to get everything running. But it is possible. I’m not running anything rootful and everything works.
Read the docs, use podman-compose (this sadly has no good docs, but works quit well when you got it) and get ready to play around with permissions and file ownership.
Very nice write up. Thank you for sharing. One thing I like to add.
I’ve personally moved away from nginx proxy manager, because I read an article that it has some vulnerability that don’t get fixed in time. Also there are a ton of issues open on git hub. So I move to caddy, witch also is super easy to set up.
You don’t want the nextcloud to be public for everyone, then I’d go the tailscale route without a vps. Just connect your Server and phone.
If you want it to be public, then I’d still use tailscale and do it like the other comment suggested.
Reverse Proxy on vps connected to tailscale, proxzies the traffic through the tailnet to your server. That’s what I’m doing btw.