Comment on Question WRT secure networking with Podman/Docker stack and a reverse proxy in a VM "DMZ"

<- View Parent
glizzyguzzler@piefed.blahaj.zone ⁨1⁩ ⁨week⁩ ago

I do see Authentik can apparently act as a reverse proxy, so it can sit at the very front. But I’d lose out on caddy + crowdsec then…

I’ll have to do some reading if caddy can actually just forward to caddy, and where the TLS is terminated and all that.

And I do use the internal setting now, but I need it off if I want to publish the port on the LAN so that the VM can see the ports on the LAN. But if I can have WAN caddy do the auth check and forward along good stuff to the LAN caddy, then I’ll only need to publish LAN caddy’s port and that’s not the worst at all.

Thanks for the ideas, I’ll try to cook “caddy (DMZ) -> auth OIDC (DMZ) -> caddy (LAN) -> services (LAN)”!

original
Sort:hotnewtop