1

2025-05-22 12:38:11 +02:00 · 2025-05-22 12:38:11 +02:00 · b1c4b1cb01
commit b1c4b1cb01
parent 3dddf2f1a5
8 changed files with 28 additions and 13 deletions
--- a/README.md
+++ b/README.md
@ -1,7 +1,7 @@
 # ip2nginx
 <p align="center">
  <a href="https://safe-cap.com/" target="_blank">
-    <img src="https://safe-cap.com/git/ip2nginx-logo-250-250.png" width="100" height="100";>
+    <img src="img/ip2nginx-small.png">
  </a>
 	<br><br>
 	<img src="https://img.shields.io/badge/version-0.0.1-green.svg?style=for-the-badge">
@ -41,21 +41,37 @@

 ---

-## 🏠 What is ip2nginx?
+🏠 What is ip2nginx?

-ip2nginx is a self-hosted system that allows you to make services running on your home network (like a NAS, internal web apps, or router interface) accessible under your own domain — even if your public IP address changes.
+ip2nginx is a self-hosted system that allows you to securely expose services running on your private home network (e.g. NAS, internal web interfaces, or a self-hosted app) under your own domain — without using third-party dynamic DNS services.

-Unlike third-party solutions other dynamic DNS providers, this tool gives you full control and privacy by updating your reverse proxy configuration directly, without modifying DNS records or relying on external providers.
+Instead of changing DNS records, it updates the reverse proxy (NGINX) configuration on your public server — making it the only point that needs to be publicly reachable.
+🔐 Why is this more secure?

-How It Works:
+Your home server does not need to be exposed to the entire internet. Only your external server (running ip2nginx) needs access. This allows you to:

-    Your home device (e.g. pfSense or another gateway) periodically sends its current public IP to your server via an API request.
+    Restrict incoming firewall access at home to just one remote IP (your public server).

-    The server updates the reverse proxy configuration (nginx.conf) with the new IP.
+    Avoid direct exposure of your internal services to DDOS or scanning attempts.

-    The proxy_pass directive is updated inside the specific location block for the target domain.
+    Offload all public traffic to the external server, preventing your home bandwidth from being overwhelmed.

-    NGINX is reloaded automatically to apply changes.
+⚙️ How it works:
+
+    Your home gateway (e.g. pfSense or another device) periodically sends its current public IP to your external server using an authenticated API call.
+
+    The external server updates only the proxy_pass directive inside a specific location block in the NGINX config for your domain.
+
+    NGINX is automatically reloaded to apply the changes.
+
+    From the outside world, visitors reach your external server, which transparently proxies to your home server — using your latest IP.
+
+This gives you full control, avoids third-party dependencies, and increases the security of your home infrastructure.
+
+<p align="center">
+  <img src="https://safe-cap.com/git/ip2nginx-server-small.png" alt="Diagram of a secure home-server access flow using an external NGINX proxy and API updates from the home server.">
+  <br><br>
+</p>

 ---

@ -110,8 +126,7 @@ Supports **POST** (preferred) and **GET** methods.
 | `ip`       | ❌       | New public IP (default: auto-detected from request)                         |
 | `domain`   | ❌       | Backend domain to proxy to (default: same as IP)                            |
 | `port`     | ❌       | Port number (default: 443 for https, 80 for http)                           |
-| `protocol` | ❌       | One of `http` or `https` (default: `http`)                                  |
-| `location` | ❌       | NGINX location block path to update (default: `/`)                          |
+| `protocol` | ❌       | One of `http` or `https` (default: `https`)                                  |

 Any change in `ip`, `domain`, `port`, or `protocol` triggers `"changed": 1` in `meta.json`.

@ -235,7 +250,7 @@ MIT (or similar): Open-source, free for use and modification.
 ## 🤝 Author
 <p align="center">
  <a href="https://safe-cap.com" target="_blank">
-  <img src="https://safe-cap.com/git/safe-cap-logo.png" width="100" height="100";>
+    <img src="img/safe-cap-logo-small.png" width="100" height="100" alt="SAFE-CAP">
  </a>
  <br><br>
  **Maintained by SAFE-CAP / Alexander Schiemann / https://safe-cap.com**
--- a/img/ip2nginx-how-it-work-small.png
+++ b/img/ip2nginx-how-it-work-small.png
--- a/img/ip2nginx-how-it-work.png
+++ b/img/ip2nginx-how-it-work.png
--- a/img/ip2nginx-logo-small.png
+++ b/img/ip2nginx-logo-small.png
--- a/img/ip2nginx-logo.png
+++ b/img/ip2nginx-logo.png
--- a/img/safe-cap-logo-small.png
+++ b/img/safe-cap-logo-small.png
--- a/img/safe-cap-logo.png
+++ b/img/safe-cap-logo.png
--- a/update.php
+++ b/update.php
@ -40,7 +40,7 @@ function main(): void {
    'token'    => null,
    'ip'       => $clientIp,
    'domain'   => $clientIp, // fallback to IP if domain not given
-    'protocol' => 'http',
+    'protocol' => 'https',
    'port'     => null,
  ]);