Blog

  • Homelab #1 – Setup Zoraxy to connect local services to your domain via SSL

    Currently I’m running umbrelOS on my Raspberry Pi 5 locally on my home server.

    My goal was to access installed apps from the internet with SSL and a valid (sub-)domain like so:

    https://wordpress.example.com
    
    routing to local umbrel IP and Port of wordpress or any other app you want to install ->
    
    http://192.168.1.25:8567

    Here is how to do it:

    ⚙️ Prerequisites

    • umbrelOS installed and running (e.g., on Raspberry Pi or Debian server)
    • Zoraxy installed as an Umbrel app (via Umbrel App Store)
    • A domain or dynamic DNS address (e.g., example.com or umbrel.example.com)
    • Access to your router for port forwarding
    • Basic understanding of local IPs and ports

    Small warning before you start:

    ⚠️ Security Risks

    Opening your home server to the internet can expose it to constant scanning and automated attacks. Hackers often target weak passwords, outdated apps, and misconfigured reverse proxies. A single exposed port or forgotten app could give attackers access to your entire system.

    🔐 Privacy Concerns

    Self-hosting gives you control, but also full responsibility. Any mistake in network or DNS configuration could accidentally leak private information or make internal services publicly visible.

    If you don’t know what you are doing then please first get comfortable with network security.

    Funny story:

    I set this up yesterday, and when I checked Zoraxy this morning I already saw multiple unknown IP addresses from various countries which were trying to scan my local setup.


    If you want to be on the safe side you can check out Cloudflare Tunnel.


    🔌 Step 1: Configure Router Port Forwarding

    To make Zoraxy reachable from the internet, you’ll need to forward two ports in your router:

    External Port   Internal Port     Target Device   Description
    80 (HTTP)       41080 (Zoraxy)    Umbrel IP       Redirects to HTTPS
    443 (HTTPS)     41443 (Zoraxy)    Umbrel IP       Secure access

    ⚠️ Important:
    Don’t forward any other ports (like 8567 or 22). Zoraxy will handle the routing internally.


    ⚙️ Step 2: Access Zoraxy Dashboard

    1. On your local network, open http://umbrel.local:8000
      (or by local IP, e.g. http://192.168.1.42:8000)
    2. Login with your Zoraxy admin credentials.
    3. Go to Create Proxy Rules.

    Step 3: Add the domain for your App


    Example of domain matching keyword:
    aroz.org
    Any access requesting aroz.org will be proxied to the IP address below

    Subdomain
    Example of subdomain matching keyword:
    s1.aroz.org
    Any request starting with s1.aroz.org will be proxied to the IP address below

    • Enter your Umbrel IP as Target IP with the Port assigned to the App you want to access e.g.:
      • 192.168.1.42:8567

    Step 4: Add SSL Certificate

    Go to:

    HTTP Proxy -> your site -> TLS / SSL -> Get Certificate

    Enable ACME Auto-Renewer


    🧱 Step 5: Keep Umbrel Private

    Zoraxy should be the only service exposed to the internet.
    Umbrel’s web dashboard (port 80) must not be publicly accessible.

    If you notice your example.com points directly to Umbrel’s login page, update your router’s port forwarding to send port 80/443 to Zoraxy, not Umbrel directly.
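
    A check for Steps 1 and 5, as an added example that is not part of the original post: run from outside your LAN (for example over a phone hotspot) against your own domain, it reports any port that answers but should not, and whether port 80 redirects to HTTPS. The function names and the LAN-only port list (22, 8000 and 8567, the ports the post mentions) are assumptions.

```python
import http.client
import socket

# Assumed policy, taken from the post: only 80/443 are forwarded (to Zoraxy);
# the other ports it names (SSH, Zoraxy dashboard, app port) stay LAN-only.
ALLOWED = (80, 443)
LAN_ONLY = (22, 8000, 8567)


def is_open(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def redirects_to_https(host, port=80, timeout=3.0):
    """Return True if plain HTTP answers with a redirect to an https:// URL."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/")
        resp = conn.getresponse()
        location = resp.getheader("Location", "")
        return resp.status in (301, 302, 307, 308) and location.startswith("https://")
    except (OSError, http.client.HTTPException):
        return False
    finally:
        conn.close()


def audit_exposure(host, allowed=ALLOWED, lan_only=LAN_ONLY, http_port=80):
    """Return a list of findings; an empty list means exposure matches the policy."""
    findings = []
    for port in lan_only:
        if is_open(host, port):
            findings.append(f"port {port} is reachable from here but should be LAN-only")
    for port in allowed:
        if not is_open(host, port):
            findings.append(f"port {port} is closed; check the router forward to Zoraxy")
    if is_open(host, http_port) and not redirects_to_https(host, http_port):
        findings.append(f"port {http_port} serves plain HTTP instead of redirecting to HTTPS")
    return findings


if __name__ == "__main__":
    # wordpress.example.com is the post's placeholder; use your own domain.
    for finding in audit_exposure("wordpress.example.com") or ["exposure matches the policy"]:
        print(finding)
```

    A plain-HTTP finding on port 80 is the symptom Step 5 describes: the router is likely forwarding port 80 to Umbrel rather than to Zoraxy.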


    🛡️ Step 6: Secure and Monitor

    To keep your setup safe:

    • Use strong admin passwords (Umbrel + Zoraxy + WordPress)
    • Keep Umbrel and Zoraxy updated
    • Enable Zoraxy’s built-in rate limiting and auth protection
    • Consider using Fail2Ban or UFW firewall on the host OS

    🥳 Step 7: Enjoy!

    You can now access your WordPress installation at:

    https://wordpress.example.com