Comment on Help with reverse proxy architecture
tofubl@discuss.tchncs.de 5 months agoRight, I could have been more precise. I’m talking about security risk, not resilience or uptime.
That is a fair point.
It’ll probably be the most secure component in your stack.
So, one port-forward to the proxy, and the proxy reaching into both VLANs as required, is what you’re saying. Thanks for the help!
markstos@lemmy.world 5 months ago
It depends on the trade-offs you want to make. If you want to maintain one less Nginx install with a little more risk, that’s a way to go.
If your priority is security, use a separate proxy for your private services and do allow your public VLAN access into your private VLAN.
My home network only has public services on it right now, but now you are making me think I should segment it further if I want to host any truly private services there.
tofubl@discuss.tchncs.de 5 months ago
The answer seems to always be “not segmented enough”. ;)