Hi,
I want to make some of my services (like Nextcloud, Immich, Komga, Jellyfin and FreshRSS for example) on my home server easier accessible from remote. For that I want to use a VPS where I install Nginx and Wireguard on it and establish a VPN connection between it and my homeserver. So far so good.
My first question: For the services that I don’t want to expose for remote access over that setup, can I just keep my Nginx instance that I have running now for these services. For example my budgeting service is available under finance.example.com as long as I’m in the same network as my home server right now. Would that still be possible when I have 2 Nginx instances running (one on the VPS and one on the home server directly) or would I need to configure it differently for that to work?
My second question:
Do I need to install Fail2Ban on my VPS or can I also install it on my homeserver?
I would say if you need to ask this, you might not be ready to expose your home sever to the internet. Please be VERY careful about this.
With that being said, setting up reverse proxy (nginx) on the VPS should not affect the reverse proxy on your home server in any way.
In the proposed setup, the VPS will be directly exposed to the internet - it’s the “gateway” to your network. If someone gains access to the VPS, they have access to your home server and probably other devices in your network. So yes, you need to secure the VPS as much as you can. Fail2ban or Crowdsec are a good idea. Setting them up on the home server wouldn’t really do anything against an attacker with access to the VPS.