Comment on Two VPNs?
JoeKrogan@lemmy.world 1 week ago
I have the arr stack connected to gluetun doing its thing and then wireguard on the host. I only expose my reverse proxy to the host and can connect to the services through that.
Note the networks below vpn net allows it to talk to the gluetun network which has the other stuff. The gluetun and arr stuff are in a separate compose file that defines the network. Then the non vpn stuff connects to that network when it comes up
nginx: image: nginx:1.25.4-alpine-slim container_name: nginx restart: always volumes: - /etc/letsencrypt/:/etc/letsencrypt/ - ./nginx/nginx.conf:/etc/nginx/nginx - ./nginx/conf/:/etc/nginx/conf.d/:ro - ./nginx/htpasswd:/etc/apache2/.htpasswd:ro - /var/log/nginx:/var/log/nginx/ - ./www/html/:/var/www/html/:ro - ./content/Movies:/var/www/media/Movies:ro - ./content/Shows:/var/www/media/Shows:ro ports: - 443:443 security_opt: - no-new-privileges networks: - reverse-proxy_service1 - reverse-proxy_serviceN - vpn-stack_vpn-net depends_on: - service1 - serviceN
jobbies@lemmy.zip 1 week ago
Ahh. Of course. I don’t know why I hadn’t thought of that.
Should I consider deploying a reverse proxy? I hear that setting one up can be painful.
I notice you have multiple reverse-proxy services under ‘networks’ - do you set up a separate network for each service?
illusionist@lemmy.zip 1 week ago
Nginx proxy manager is easy to use. It has a nice gui. Caddy is incredibly simple after installing. It just has no gui. It cam’t be simpler than caddy, just 3 lines.
JoeKrogan@lemmy.world 1 week ago
Well i have the rp as i only want one port exposed. I have separate networks per service too to isolate things. Only the things that need to talk to each other can.
My stuff is only accessible on the lan and via the vpn and even then only certain ips have access to certain things.
In your case it might be different , but generally a reverse proxy is better as you can have a single point of access to secure and you are not exposing all of your ports to the host or the internet.
foggy@lemmy.world 1 week ago
I wouldn’t say setting up a reverse proxy (to your home LAN) is painful. Its just generally Ill advised. Its painful if compromised.