I've been a member here for a while, but this is my first time asking for help. We've developed a comprehensive platform for a healthcare company, which includes a mobile app, an admin dashboard, and an API. The API and dashboard will be accessible through subdomains like api.company.com and admin.company.com. However, the issue is that their VPS is set up within their internal network, using a private IP like 192.168.x.x. I can access it via VPN, and we use Dokploy for deployment management.

My main question is how to set up Dokploy in this scenario while ensuring traffic from the public internet correctly routes to the internal server. I know their sysadmins probably have a solution in place, but I'm looking to understand how I might tackle this myself. In the past, everything was hosted on a Hetzner VPS, which was much simpler. Dokploy initially requires port 3000 to set up, but that can be disabled after we configure a custom domain.

Here are a few more questions I have: How will we handle SSL certificates since the server can't connect externally to Let's Encrypt? Also, how can we send emails from the application without converting the internal VPS into a mail server?

One option I'm considering is using a load balancer with a public IP to direct traffic to the internal server, but I'd love to hear more about potential architectures and best practices, and any pitfalls I should avoid.
1 Answer
You've got quite a few elements to manage here, and ideally, it would be best to work with someone experienced in deploying such solutions. However, if that’s not viable, I would advise being upfront with them that this app is intended for external use and shouldn't be confined to an internal network. If your platform is truly a "mobile app," dealing with VPNs on users' devices can be tricky, especially given the healthcare context. Also, if you're unsure about internal Certificate Authorities (CAs), that could pose challenges.

Thanks for your input! It's reassuring to know they have experts to step in. Just to clarify, what exactly does CA mean in this case? I assume it stands for Certificate Authority?