this post was submitted on 31 Oct 2023

Homelab


Hey! Sorry for the repeating question, I have a very specific question though.

For context, I access my services using a VPN, and that's been great. However, I've seen a lot of people mentioning reverse proxies. Are they necessary or more of a convenience thing? I ask because I don't see something that I cannot do with my current VPN setup.

Thanks!

[–] krolden@lemmy.ml 1 points 1 year ago

Is there any reason for these reddit bot posts? I see people replying to them like they think they're actually Lemmy posts

[–] jayaram13@alien.top 1 points 1 year ago (1 children)

If you have multiple services, you will need to use a reverse proxy. For instance, let's say you're running a website, a document repository, nextcloud for personal cloud, etc. They all listen on port 80 for http and 443 for https. How will you set up port forwarding to all of these servers? That's where reverse proxy comes in. You can specify specific subdomains and redirect to the correct servers.

You can also do SSL stripping and other stuff using reverse proxy.

But if you're using only one service and use VPN to connect to your network, you don't need a reverse proxy.

[–] vasveritas@alien.top 1 points 1 year ago

The services all have different IP addresses. You set up your containers and virtual network to use multiple IP addresses on a single physical interface connection.

192.168.1.100:34000 is Plex
192.168.1.101:80 is Website
192.168.1.102:80 is Website 2

I can turn on my VPN and type any of them into the address bar to access them.

[–] Homerhol@alien.top 1 points 1 year ago

A reverse proxy is handy to have even in the presence of a VPN. There are still some applications with thoroughly outdated SSL stacks that are difficult or impossible to secure, for example. A reverse proxy can terminate these connections over a privileged local management network, and accept client connections using a more modern encryption scheme (and even add multi-factor authentication if required).

As others have said though, if you're happy to continue using a VPN to access your self-hosted services, in principle there is no problem with doing so.

TL;DR: Probably not, but you may find it useful for other reasons.

Full thoughts: VPNs and Reverse Proxies are different things, a Reverse Proxy doesn't replace a VPN but can supplement it.

VPN connects you to a network that you're not physically on, encrypting your traffic along the way. Once traffic hits the network, the VPN has done its job. Think of it as a limo. You can't tell what's inside but it gets you there safely.

A Reverse Proxy has no effect on traffic until it's at your network. It's like a directory listing in a shared building, you can have 10 offices in a building with 1 door but you need a way to get to the offices once you go through the main door.

So what does that have to do with security? Well, first of all a reverse proxy is specifically designed to be internet facing, not every other webservice is...so things like malformed HTTP traffic will be dropped before it gets to the web service you're running. Reverse Proxies also handle redirects, HTTPS (some webservices can handle TLS but it's often put off to the proxy), and plenty of other features. Of course a VPN has all that same security (being designed to be webfacing).

[–] SillyLilBear@alien.top 1 points 1 year ago

If you want to protect data on your local network (and you should) you will want a reverse proxy to allow you to use SSL on all your services. A reverse proxy allows you to easily implement SSL on apps that are only exposed as HTTP (unencrypted).
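
The setup described in the comments above (one HTTPS entry point that routes by hostname to several services and terminates TLS for apps that only speak HTTP), written out as an nginx configuration. This is an added example, not something posted by anyone in the thread. The hostnames under `home.example`, the certificate paths and the VPN subnet `10.8.0.0/24` are assumptions; the backend addresses are the ones quoted in vasveritas's comment.

```nginx
# Added example, goes inside the http { } context.
# Assumptions: *.home.example names, certificate paths, VPN subnet 10.8.0.0/24.

# One certificate and one protocol policy for every proxied name.
ssl_certificate     /etc/nginx/tls/home.example.crt;
ssl_certificate_key /etc/nginx/tls/home.example.key;
ssl_protocols       TLSv1.2 TLSv1.3;

# Hostname -> backend table (backend IPs and ports as quoted in the thread).
map $host $backend {
    plex.home.example   192.168.1.100:34000;
    site1.home.example  192.168.1.101:80;
    site2.home.example  192.168.1.102:80;
}

# Plain HTTP is only ever redirected to HTTPS.
server {
    listen 80;
    server_name plex.home.example site1.home.example site2.home.example;
    return 301 https://$host$request_uri;
}

# Requests for any other hostname are closed without a response,
# so an unknown Host header never falls through to a real service.
server {
    listen 443 ssl default_server;
    server_name _;
    return 444;
}

# TLS terminates here; the hop to each backend is plain HTTP on the LAN.
server {
    listen 443 ssl;
    server_name plex.home.example site1.home.example site2.home.example;

    # Keep the proxy reachable from VPN clients only.
    allow 10.8.0.0/24;
    deny  all;

    location / {
        proxy_pass http://$backend;
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Validate with `nginx -t` before reloading. The backends still accept unencrypted connections on their own addresses, so anything that can reach 192.168.1.x directly bypasses the proxy unless the backends are firewalled to accept traffic only from it.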