I have been using no-ip for around two years to remotely access my hosted service, I mostly use their free service except for a few 5 months offers I bought.

Recently, I received a full year offer in email for 8$ (COUPON CODE: MAY8), and I was wondering whether to get that or buy a 2 years domain for the same price (FROM hostinger or namecheap).

I have never bought a doamain before and my knowledge is limited to what I mostly read here. So, per your opinion, what would be better in term of usability and security, a DDNS on the router and a port open per hosted-service? or a domain with reverse proxy?

  • @RunningInRVA@lemmy.worldEnglish
    111 months ago

    I opted for dynamic dns and reverse proxy. I configured my reverse proxy to use TLS and also to require client certificates, which I install on my devices. You get so much flexibility and added consistency to your application security that I feel it is a must.

    • @mhz@lemm.eeOPEnglish
      111 months ago

      Would you please share what dynamic dns provider you use? I remember trying to set nginx pm to use my no-ip hostname (xyz.ddns.net) but I could not figure out how to link my hosted-services as subdomains (say portainer.xyz.ddns.net)

      • @RunningInRVA@lemmy.worldEnglish
        111 months ago

        I’m using Dynu for DDNS. They support subdomains as part of their DNS. You can configure nginx to service/route requests to each subdomain differently.

        • 486
          211 months ago

          Another option is subpaths: xyz.ddns.net/portainer

          While you can do that, you should be aware of the security implications (every application can see and modify every other application’s cookies). If at all possible, I would try to avoid this setup.

          • rentar42
            111 months ago

            I second that. This practice comes from a time where domain names were expensive, in many ways: SNI didn’t exist/wasn’t wide-spread, so each domain name on HTTPS needed a dedicated IP, Certificates weren’t democratized yet via letsencrypt/acme and most hosts were big enough to run multiple services, because virtualization wasn’t as widely available yet. So putting apps on sub-paths made sense.

            Now all of those things are basically dealt with and putting each app on its own sub-domain just makes way more sense.