Is there any reason for these reddit bot posts? I see people replying to them like they think they're actually Lemmy posts
this post was submitted on 31 Oct 2023
1 points (100.0% liked)
Homelab
22 readers
1 users here now
Rules
- Be Civil.
- Post about your homelab, discussion of your homelab, questions you may have, or general discussion about transition your skill from the homelab to the workplace.
- No memes or potato images.
- We love detailed homelab builds, especially network diagrams!
- Report any posts that you feel should be brought to our attention.
- Please no shitposting or blogspam.
- No Referral Linking.
- Keep piracy discussion off of this community
founded 1 year ago
MODERATORS
If you have multiple services, you will need to use a reverse proxy. For instance, let's say you're running a website, a document repository, nextcloud for personal cloud, etc. They all listen on port 80 for http and 443 for https. How will you set up port forwarding to all of these servers? That's where reverse proxy comes in. You can specify specific subdomains and redirect to the correct servers.
You can also do SSL stripping and other stuff using reverse proxy.
But if you're using only one service and use VPN to connect to your network, you don't need a reverse proxy.
The services all have different IP addresses. You setup your containers and virtual network to use multiple IP addresses on a single physical interface connection.
192.168.1.100:34000 is Plex
192.168.1.101:80 is Website
192.168.1.102:80 is Website 2
I can turn on my VPN and type any of them into the address bar to access them.
A reverse proxy is handy to have even in the presence of a VPN. There are still some applications with thoroughly outdated SSL stacks that are difficult or impossible to secure, for example. A reverse proxy can terminate these connections over a privileged local management network, and accept client connections using a more modern encryption scheme (and even add multi-factor authentication if required).
As others have said though, if you're happy to continue using a VPN to access your self-hosted services, in principle there is no problem with doing so.
TL;DR: Probably not, but you may find it useful for other reasons.
Full thoughts: VPNs and Reverse Proxies are different things, a Reverse Proxy doesn't replace a VPN but can supplement it.
VPN connects you to a network that you're not physically on, encrypting your traffic along the way. Once traffic hits the network, the VON has done it's job. Think of it as a limo. You can't tell what's inside but it gets you there safely.
A Reverse Proxy has no effect on traffic until it's at your network. It's like a directory listing in a shared building, you can have 10 offices in a building with 1 door but you need a way to get to the offices once you go through the main door.
So what does that have to do with security? Well, first of all a reverse proxy is specifically designed to be internet facing, not every other webservice is...so things like malformed HTTP traffic will be dropped before it gets to the web service you're running. Reverse Proxies also handle redirects, HTTPS (some webservices can handle TLS but it's often put off to the proxy), and plenty of other features. Of course a VPN has all that same security (being designed to be webfacing).
If you want to protect data on your local network (and you should) you will want a reverse proxy to allow you to use SSL on all your services. A reverse proxy allows you to easily implement SSL on apps that are only exposed as HTTP (unencrypted).