I have a general idea. I appreciate the info :). I’ve made a point of having nothing sensitive in the contents or the requests (I don’t have any forms, for example. It’s all static pages).
FarraigePlaisteach
joined 1 year ago
Thank you for the very informative reply.
The HTTP and Gemini services are for vintage clients, but I would like the reverse proxy to keep my media collection private (and maybe SSH and SMB too). So I’m serving to modern clients in the case of reverse proxy. I was told that port forwarding is no longer considered secure enough and that if my media gets publicly exposed I could be liable for damages to license holders.
Linux running HTTP and Gemini servers. This is fine from home using port forwarding and afraid.org’s dynamic DNS.
They’re lightweight sites that exist to be accessed by vintage computers which aren’t powerful enough to run SSL.
That’s reassuring. Thanks, I was struggling with the concept and where to start but I should be fine now since I’m handy enough with a terminal.
Wonderful. Thank you!
Thanks, that’s a great explanation. I’m looking forward to being able to SSH in without port forwarding.
So those ports that I don’t put in the config remain publicly accessible? That would be perfect.
Thanks. You’re right about Navidrome supporting authentication. I’m using HTTP instead of HTTPS, though. I was advised to use a reverse proxy to avoid potential legal issues.
The standard is that everything gets captured by the proxy? I want to leave the HTTP and Gemini servers public. I also want those and SMB to remain accessible on the LAN.
Thank you so much. That clears up all my doubts. I’m running an ARM server ok the lan with port forwarding for HTTP (80) Gemini (1965) and SMB (not forwarded).
I made a typo in my original question: I was afraid of taking the services offline, not online.
view more: next ›
Thanks! Is the point of reverse-proxying your public-facing services to make them private?