What Each Tool Does:
-
WireGuard (via PiVPN): Creates a private, encrypted tunnel into your home network — like teleporting your device onto your home Wi-Fi.
-
NGINX Reverse Proxy: Lets you access multiple internal services (like Plex, Jellyfin, or other dashboards) using a single domain with SSL, often through the public internet.
✅ When to Combine 스포츠중계 Both (and Why)
You should combine WireGuard and NGINX reverse proxy if:
-
You want secure VPN access to your home network plus
-
You want to expose select services (e.g., Plex, Overseerr, Radarr) to the internet safely
-
You need SSL encryption, subdomains, or domain-based access (e.g.,
plex.yourdomain.com)
????️ Combination Setup (Recommended Structure)
???? Architecture Overview:
css
복사편집
[Remote Device] ⇄ WireGuard VPN ⇄ [Home Server: NGINX Proxy ⇄ Plex] ⇄ [Other Local Devices/Services]
Or for select services:
css
복사편집
[Remote Device] ⇄ Internet ⇄ [Home Router: Port 443 → NGINX Reverse Proxy ⇄ Plex (w/ Auth)]
You can route Plex through VPN only, and optionally expose less sensitive tools (like NZBGet) via NGINX.
???? Setup Steps 스포츠중계 (WireGuard + NGINX Reverse Proxy)
✅ 1. Set Up WireGuard (via PiVPN)
-
We’ve covered this already: WireGuard via PiVPN guide
-
Allows full LAN access from anywhere securely
✅ 2. Install NGINX or Use a Reverse Proxy Manager
You can either:
-
Manually install NGINX
-
Use a GUI-based manager like NGINX Proxy Manager (runs in Docker)
✅ 3. Route Plex Locally via Reverse Proxy (Optional)
Example NGINX config for Plex:
nginx
복사편집
server { listen 443 ssl; server_name plex.yourdomain.com; location / { proxy_pass http://localhost:32400/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem; }
⚠️ Plex does not support SSL termination easily and often breaks media playback via standard reverse proxying. It's recommended to use VPN for Plex and reserve reverse proxy for other services.
✅ 4. Use Reverse Proxy for Other Services (Sonarr, Radarr, etc.)
You can safely expose:
-
sonarr.yourdomain.com -
radarr.yourdomain.com -
overseerr.yourdomain.com
Use NGINX with HTTP Auth or OAuth2 Proxy to protect them.
???? Security Recommendations
-
Keep Plex access limited to VPN clients only
-
Add basic auth or copyright to NGINX for public services
-
Use Cloudflare + Let's Encrypt SSL for hardened edge protection
-
Keep ports like
32400closed on your public IP if not using NGINX securely
???? Advanced Tip: Use DNS Split-Horizon
Configure:
-
Internal DNS →
plex.localresolves to LAN IP (for VPN use) -
External DNS → not exposed or routes to dummy server
Prevents accidental access from the internet if your VPN or proxy misconfigures.
???? Summary
| Goal | Use WireGuard | Use NGINX Reverse Proxy |
|---|---|---|
| Full LAN access (Plex, SMB, SSH) | ✅ | ❌ |
| Public access to apps (secured) | ❌ | ✅ |
| Private-only Plex access | ✅ | ✅ (only internally) |
| Domain-based access (SSL) | ❌ | ✅ |
| Maximum privacy & security | ✅✅ | ✅ (if hardened) |
Comments on “When to Combine Both”