So I have played with a few ways to get external access and have read a few posts here and thought I would write up what I did. It will not suit everyone and my set up is probably different from yours, but hey, maybe someone else will get something out of it.
So firstly my set up includes access for other services running in the home, including some downloading stuff (Sonarr, CouchPotato, NZBGet), a kodi box that I am still trying to work out if I can allow external access or should just pay for plex. Of course I also have a pi running brewpi as well. All in all currently I have 3 pi’s and a NAS, this may increase in the coming months. Also I have a DNS entry for my home cable (IP address hasn’t changed in 4years) and letsencrypt set up so all my communications go over https instead of insecure http. Then I have set up htaccess specifically for brewpi, the other things I am running have built in security so not needed for them.
In this set up I have nginx installed on a first pi that has the router forwarding http (port 80) and https (port 443) to it. Then on the proxy pi I have configured the nginx default conf to add these things
1: Divert all http to https
2: Adding the SSL info from lets encrypt.
3: Reverse proxy all connections coming in to the correct ports for the service they are connecting to. For example Sonarr’s default port is 8083 so I direct https://your.domain.com/sonarr to the pi running that service, in this example it is on the same pi so it goes to http://localhost:8083. For brewpi I have it running a different pi, so https://your.domain.com/brewpi goes to http://brewpi.ip.number:80 (probably don’t need the :80 there…)
4: Inside the brewpi container I have added htpasswd options to protect the login with a username and password
If you want you can do only 3, the other bits are just bells and whistles.
If you want to do the htpasswd bit there are some simple commands to do this.
On the pi running nginx
sudo apt-get install apache2-utils
sudo htpasswd -c /etc/nginx/.htpasswd exampleuser
Change exampleuser to the user you want to log in as
The tool will prompt you for a password.
Re-type new password:
Adding password for user exampleuser
Then you will need to move brewpi into a new dir called brewpi, in my set up my brewpi dir in apache is in /var/www/html/brewpi
Then restart nginx and it should reflect the changes.
There is a diagram on github with a copy of my config (with private info removed) https://github.com/charliwest/pi-set-up
Maybe this will help someone.