Might want to upgrade that Ubuntu os. 20.04 went EOS in May. 24.04 has support til 2029

I’ll suggest you look into tailscale. It makes the process a whole lot easier

I assume I need to have a domain name through a DNS service like cloudflare in order to make use of it

Yes, you’re correct here.

Once I have my DNS setup, how do I associate it with my server or point it through the nginx reverse proxy?

You begin by forwarding ports 80 and 443 to your Nginx proxy server. These are the standard ports for http and https requests, respectively. So your Nginx will immediately be able to tell if a request is http or https based on which port it is coming in on.

Next, you would set an A name record on your domain manager. This A name record will point a subdomain to a specific IPv4 address. So for instance, maybe the name is “abs” and the IP is your home WAN IP. So whenever an http or https request comes in on “abs.{your domain}” it will get redirected to your WAN IP. If you wanted to use IPv6, that would be an AAAA name record instead… But if this is your first foray into self-hosting, you probably don’t want to use IPv6.

On Nginx’s side, it receives all of those incoming http and https requests because the ports are forwarded to it. You configure it to take requests for those subdomains, and route them to your various devices accordingly. You’ll also need to do some config for SSL certificates, which will allow https requests to resolve successfully. You can either use a single certificate for the entire site, or an individual certificate for each subdomain. Neither is “more” correct for your needs, (though I’m sure people will argue about that in responses to this).

So for instance, you send a request to https://abs/%7Byour domain}. The domain manager forwards this to your WAN IP on port 443. Nginx receives this request, resolves the SSL certificate, and forwards the request to the device running abs. So your ABS instance isn’t directly accessible from the net, and needs to bounce off of Nginx with a valid https request in order to be accessible.

You’ll want to run something like Fail2Ban or Crowdsec to try and prevent intrusion. Fail2Ban listens to your various services’ log files, and IP-bans repeated login failures. This is to help avoid bots that find common services (like ABS) and try to brute-force them by spamming common passwords. You can configure it to do timeouts with increasing periods. So maybe the first ban is only 5 minutes, then 10, then 20, etc…

Lastly, you would probably want to run something like Cloudflare-DDNS to keep that WAN IP updated. I’m assuming you don’t have a static IP, and you don’t want your connections to break every time your IP address changes. DDNS is a system that routinely checks your WAN IP every few minutes, and pushes an update to your provider if it has changed. So if your IP address changes, you’ll only be down for (at most) 5 minutes. This will require some extra config on your provider’s part, to get an API key and to configure the DDNS service to point at your various A name records.

If you need any help setting the individual services up, let me know. I personally suggest docker-compose for setting up the entire thing (Nginx, DDNS, and Fail2Ban) as a single stack, but that’s purely because it’s what I know and it makes updates easy. But this comment is already long enough, and each individual module could be just as long.

I think you only nginx and dns sorted if you want to go public and or super secure. I acces my servers via their tailscale host name. That includes ios linux android clients. If you don’t know what tailscale is in a few words the easiest way to access your services/servers.

Not familiar with cloudflare. But generally speaking, purchase and register a domain and point the DNS to cloudflare. Configure the A record of your domain to your home’s public IP address. In your firewall you want to set up a translation rule to send any traffic on a port you assign externally to whatever IP and port your nginx server is internally.

You can also consider not exposing any of your services publicly - keeping your home server more secure. Instead set up a wireguard (or other) VPN, expose just that and point your domain or subdomain to it. Then, while you’re away, connect to your VPN and have your audiobookshelf client on your phone connect to you lan IP address /port.

On your DNS provider, the domain name must point to the public IP of your router. All devices connected to your network use the same public IP.

On the router, ports 80 and 443 must be forwarded to the (local IP of) the machine running Nginx.

Nginx must have the domain name point to the local IP of the machine running ABS.

Are you using Nginx or Nginx Proxy Manager?

Edit: If Nginx, as they’re on the same docker setup, instead of the Nginx config pointing to ABS’ local IP you can use 172.17.0.1 (iirc) and the port you used, or the container_name from compose.yaml, e.g. audiobookshelf:3748

I use NginX Proxy Manager so my methods may differ slightly.

Note about domains: It’s always good to buy one.

RIP DuckDNS… it used to be a fairly reliable Dynamic DNS (DDNS) and it cost nothing to make an account and five domains… However, apparently, it was shut down without notice under a month ago.