Understanding DNS / Naked Domain Routing (Square Space) and how nginx reverse-proxy handles it.
In this excellent guide we review the basics of dealing with naked domains and reverse-proxy configurations.
DNS stands for Domain Name System. Quick Review.
- The entire internet requires it to modify www.someplace.com into 182.282.282.111 or some ip address.
- It does not do port forwarding or reverse proxying, that is up to service applications like the wonderful nginx proxy to do so.
A Naked Domain...
- A naked domain is just that somewhere.com instead of www.somewhere.com. It is not a root domain that is the '.com'
- Because many services 'hook' to a single domain references and many users may type www or just the naked domain it becomes useful to learn how to set up domain redirection.
For instance here is an example of how to do this in SquareSpace, which has taken over Google domains.
Under the web forwarding, they handle naked domains as in:
Typically however depending on your register may use a bunch of different methods here are some suggestions:
- CNAME Alias as in put '@' or '*' into the CNAME and have it redirect to the target domain. www.yourdomain.com
- In this example you can see that wildcard domain rules are added to SquareSpace DNS servers automatically removing that from the user (there was probably cause for this at some point:
It should be understood that now Squarespace is a middle-man in your DNS redirects, as in:
Which is even more fascinating because it adds IP Level masking for free, almost like a VPN reverse mask to your site. Anyways on to NGINX Reverse Proxy.
One can easily stand up a nginx reverse proxy via this guide. Once you have done that, it's interface is easily accessed via port 81.
One can easily map it to any port to try to obscure it some by simply changing the reference in the docker-compose.yml for the port map:Screenshot at 2025-06-02 12-43-20
ports:
- '80:80'
- '81:81'
- '443:443'
It must be understood:
- Port 80 is requred, all http traffic flows over it.
- Port 443 is required, all https traffic flows over it.
- Port 81 can be moved anywhere you like '11440:81'
Inside you want to add your proxy host as in:
- Again it must be noted this blog is setup to listen on www.hotconfig.com not hotconfig.com ghost blog will not work properly and only 'hooks' to one domain - however nginx proxy doesn't care it just forwards both to the internal port. That is why the domain redirection is done at the dns for us!
Notice that the ghost blog is setup to demask and work with http. The https is handled outside the container by nginx.
It should be noted that the 'SSL' button no longer works from inside the 'Edit Proxy Host.' I found myself needing to go out to the direct SSL tab itself and requesting the certificates from there for updates.
Finally one can click on the SSL tab - and it makes it very easy to request a fresh 'Lets Encrypt' certificate.
Seeing nginx logs:
docker ps -a
Find the name of your nginx docker container:
And you can enter it with:
docker exec -it proxy-manager /bin/bashWhich means 'docker execute with interactive terminal inside the proxy-manager container the program /bin/bash'
You should get a container internal bash as in:
Inside your /var/log/ you can follow the apt / nginx / or lets encrypt logs:
This will aid you lots.
