Comment on Planning on setting up Proxmox and moving most services there. Some questions
stown@sedd.it 10 months agoSecurity. Keeping publicly accessible and locally accessible on different networks.
Comment on Planning on setting up Proxmox and moving most services there. Some questions
stown@sedd.it 10 months agoSecurity. Keeping publicly accessible and locally accessible on different networks.
DeltaTangoLima@reddrefuge.com 10 months ago
Hmmm - not really any more. I have everything on the same VLAN, with publiclya ccessible services sitting behind nginx reverse proxy (using Authelia and 2FA).
The real separation I have is the separate physical interface I use for WAN connectivity to my virtualised firewall/router - OPNsense. But I could also easily achieve that with VLANs on my switch, if I only had a single interface.
The days of physical DMZs are almost gone - virtualisation has mostly superseded them. Not saying they’re not still a good idea, just less of an explicit requirement nowadays.