Thanks! Is the point of reverse-proxying your public-facing services to make them private?
I have a general idea. I appreciate the info :). I’ve made a point of having nothing sensitive in the contents or the requests (I don’t have any forms, for example. It’s all static pages).
Thank you for the very informative reply.
The HTTP and Gemini services are for vintage clients, but I would like the reverse proxy to keep my media collection private (and maybe SSH and SMB too). So I’m serving to modern clients in the case of reverse proxy. I was told that port forwarding is no longer considered secure enough and that if my media gets publicly exposed I could be liable for damages to license holders.
Linux running HTTP and Gemini servers. This is fine from home using port forwarding and afraid.org’s dynamic DNS.
They’re lightweight sites that exist to be accessed by vintage computers which aren’t powerful enough to run SSL.
That’s reassuring. Thanks, I was struggling with the concept and where to start but I should be fine now since I’m handy enough with a terminal.
Wonderful. Thank you!
Thanks, that’s a great explanation. I’m looking forward to being able to SSH in without port forwarding.
So those ports that I don’t put in the config remain publicly accessible? That would be perfect.
Thanks. You’re right about Navidrome supporting authentication. I’m using HTTP instead of HTTPS, though. I was advised to use a reverse proxy to avoid potential legal issues.
The standard is that everything gets captured by the proxy? I want to leave the HTTP and Gemini servers public. I also want those and SMB to remain accessible on the LAN.
That is such a clear explanation and makes a lot of sense, thank you again.
Since the services I’m interested in serving are authenticated then it sounds like HTTPS is what I need (which is what originally made the most sense to me). That’s a relief. I just need to figure out how to have separate HTTP and HTTPS services hosted from the one ARM service.