Comment on Help with hosting internal and external services with DMZ and docker swarm
TheButtonJustSpins@infosec.pub 1 year ago
I’d have all your services internal and have an additional reverse proxy in the DMZ that connects back to the internal services for anything that you expose.
mhzawadi@lemmy.horwood.cloud 1 year ago
This is kind of how my setup looks, only without the DMZ. pfSense NAT to nginx lxc, terminates the SSL/TLS and then uses both my swarm nodes as upstream for docker services. Docker services are behind traefik, each service is its own network in docker. If it's a webby service you hit traefik, not a port.
TheButtonJustSpins@infosec.pub 1 year ago
I have exposed endpoints hitting HAProxy in pfSense, which then reverse proxies as needed. Same thing, basically.