mrpbennett.dev

How to Set Up a Nginx Reverse Proxy Using AdGuard DNS: No More /etc/hosts!

Article Image

Introduction

Managing multiple services on your local network can become cumbersome, especially when dealing with domain names and DNS resolution. Many developers resort to editing their /etc/hosts file to map domains to IP addresses, but this approach has limitations and requires constant maintenance. In this guide, we'll explore a better solution using Nginx as a reverse proxy combined with AdGuard DNS rewrites.

The Problem

Traditionally, when running multiple services locally, developers often modify their /etc/hosts file with entries like:

192.168.1.100    service1.local
192.168.1.100    service2.local
192.168.1.100    service3.local

This approach has several drawbacks:

  • Requires manual updating for each new service
  • Changes need to be replicated across all devices
  • Can become difficult to manage with many services
  • Doesn't scale well in team environments

The Solution: Nginx + AdGuard DNS

We can create a more elegant solution by combining:

  1. A Nginx reverse proxy to route traffic based on domain names
  2. AdGuard DNS rewrites to handle domain resolution

This setup provides:

  • Automatic DNS resolution for all subdomains
  • Centralized management of service routing
  • No need to modify host files
  • Works across all devices on your network

Step-by-Step Implementation

1. Set Up Nginx

First, install and configure Nginx on your server:

sudo apt update
sudo apt install nginx -y

2. Configure AdGuard DNS

In AdGuard Home:

  1. Navigate to Filters → DNS rewrites
  2. Add a new DNS rewrite
  3. Enter your wildcard domain (e.g., *.ld.lab)
  4. Set it to point to your Nginx server's IP (e.g., 192.168.7.11)

This configuration tells AdGuard to redirect all subdomains of ld.lab to your Nginx server.

3. Configure Nginx Virtual Hosts

Create server blocks for your services in Nginx. For example, /etc/nginx/sites-available/services.conf:

server {
    listen 80;
    server_name service1.ld.lab;

    location / {
        proxy_pass http://192.168.1.101:3000;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
    }
}

server {
    listen 80;
    server_name service2.ld.lab;

    location / {
        proxy_pass http://192.168.1.102:8080;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
    }
}

Enable the configuration:

sudo ln -s /etc/nginx/sites-available/services.conf /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl restart nginx

How It Works

  1. When you access service1.ld.lab:

    • AdGuard DNS sees the request for the ld.lab subdomain
    • It redirects the request to your Nginx server (192.168.7.11)
    • Nginx receives the request and checks the server_name
    • The request is proxied to the appropriate internal service

  2. Adding new services is simple:

    • Create a new server block in Nginx
    • Use any subdomain of ld.lab
    • No DNS or hosts file modifications needed

Benefits

  • Simplified Management: One central place to manage service routing
  • Automatic DNS: No more hosts file editing
  • Scalability: Easy to add new services
  • Network-Wide: Works for all devices using AdGuard DNS
  • Flexibility: Easy to modify service endpoints without DNS changes

Security Considerations

  • Consider adding SSL certificates for secure connections
  • Implement access controls if needed
  • Keep Nginx and its configurations up to date
  • Monitor logs for unusual activity

Conclusion

This setup provides a robust and maintainable way to manage local services without touching /etc/hosts. The combination of Nginx and AdGuard DNS creates a flexible system that scales well and reduces administrative overhead.

Remember to adjust IP addresses, domain names, and ports according to your specific setup. This solution can be further enhanced with SSL certificates, authentication, and other security measures based on your needs.