SAFE-CAP/ip2nginx
SAFE-CAP/ip2nginx
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

1

Browse Source
This commit is contained in:
Alexander Schiemann 2025-05-22 12:38:11 +02:00
parent 3dddf2f1a5
commit b1c4b1cb01
8 changed files with 28 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
README.md
View File

@ -1,7 +1,7 @@
# ip2nginx # ip2nginx
<p align="center"> <p align="center">
<a href="https://safe-cap.com/" target="_blank"> <a href="https://safe-cap.com/" target="_blank">
<img src="https://safe-cap.com/git/ip2nginx-logo-250-250.png" width="100" height="100";> <img src="img/ip2nginx-small.png">
</a> </a>
<br><br> <br><br>
<img src="https://img.shields.io/badge/version-0.0.1-green.svg?style=for-the-badge"> <img src="https://img.shields.io/badge/version-0.0.1-green.svg?style=for-the-badge">
@ -41,21 +41,37 @@
--- ---
## 🏠 What is ip2nginx? 🏠 What is ip2nginx?
ip2nginx is a self-hosted system that allows you to make services running on your home network (like a NAS, internal web apps, or router interface) accessible under your own domain — even if your public IP address changes. ip2nginx is a self-hosted system that allows you to securely expose services running on your private home network (e.g. NAS, internal web interfaces, or a self-hosted app) under your own domain — without using third-party dynamic DNS services.
Unlike third-party solutions other dynamic DNS providers, this tool gives you full control and privacy by updating your reverse proxy configuration directly, without modifying DNS records or relying on external providers. Instead of changing DNS records, it updates the reverse proxy (NGINX) configuration on your public server — making it the only point that needs to be publicly reachable.
🔐 Why is this more secure?
How It Works: Your home server does not need to be exposed to the entire internet. Only your external server (running ip2nginx) needs access. This allows you to:
Your home device (e.g. pfSense or another gateway) periodically sends its current public IP to your server via an API request. Restrict incoming firewall access at home to just one remote IP (your public server).
The server updates the reverse proxy configuration (nginx.conf) with the new IP. Avoid direct exposure of your internal services to DDOS or scanning attempts.
The proxy_pass directive is updated inside the specific location block for the target domain. Offload all public traffic to the external server, preventing your home bandwidth from being overwhelmed.
NGINX is reloaded automatically to apply changes. ⚙️ How it works:
Your home gateway (e.g. pfSense or another device) periodically sends its current public IP to your external server using an authenticated API call.
The external server updates only the proxy_pass directive inside a specific location block in the NGINX config for your domain.
NGINX is automatically reloaded to apply the changes.
From the outside world, visitors reach your external server, which transparently proxies to your home server — using your latest IP.
This gives you full control, avoids third-party dependencies, and increases the security of your home infrastructure.
<p align="center">
<img src="https://safe-cap.com/git/ip2nginx-server-small.png" alt="Diagram of a secure home-server access flow using an external NGINX proxy and API updates from the home server.">
<br><br>
</p>
--- ---
@ -110,8 +126,7 @@ Supports **POST** (preferred) and **GET** methods.
| `ip` | ❌ | New public IP (default: auto-detected from request) | | `ip` | ❌ | New public IP (default: auto-detected from request) |
| `domain` | ❌ | Backend domain to proxy to (default: same as IP) | | `domain` | ❌ | Backend domain to proxy to (default: same as IP) |
| `port` | ❌ | Port number (default: 443 for https, 80 for http) | | `port` | ❌ | Port number (default: 443 for https, 80 for http) |
| `protocol` | ❌ | One of `http` or `https` (default: `http`) | | `protocol` | ❌ | One of `http` or `https` (default: `https`) |
| `location` | ❌ | NGINX location block path to update (default: `/`) |
Any change in `ip`, `domain`, `port`, or `protocol` triggers `"changed": 1` in `meta.json`. Any change in `ip`, `domain`, `port`, or `protocol` triggers `"changed": 1` in `meta.json`.
@ -235,7 +250,7 @@ MIT (or similar): Open-source, free for use and modification.
## 🤝 Author ## 🤝 Author
<p align="center"> <p align="center">
<a href="https://safe-cap.com" target="_blank"> <a href="https://safe-cap.com" target="_blank">
<img src="https://safe-cap.com/git/safe-cap-logo.png" width="100" height="100";> <img src="img/safe-cap-logo-small.png" width="100" height="100" alt="SAFE-CAP">
</a> </a>
<br><br> <br><br>
**Maintained by SAFE-CAP / Alexander Schiemann / https://safe-cap.com** **Maintained by SAFE-CAP / Alexander Schiemann / https://safe-cap.com**

BIN
img/ip2nginx-how-it-work-small.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 17 KiB

BIN
img/ip2nginx-how-it-work.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.5 MiB

BIN
img/ip2nginx-logo-small.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 7.9 KiB

BIN
img/ip2nginx-logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 737 KiB

BIN
img/safe-cap-logo-small.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 7.3 KiB

BIN
img/safe-cap-logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 15 KiB

2
update.php
View File

@ -40,7 +40,7 @@ function main(): void {
'token' => null, 'token' => null,
'ip' => $clientIp, 'ip' => $clientIp,
'domain' => $clientIp, // fallback to IP if domain not given 'domain' => $clientIp, // fallback to IP if domain not given
'protocol' => 'http', 'protocol' => 'https',
'port' => null, 'port' => null,
]); ]);