Hey! Sorry for the repeating question, I have a very specific question though.
For context, I access my services using a VPN, and that’s been great. However, I’ve been seeing a lot of people mentioning reverse proxies. Are they necessary or more of a convenience thing? I ask because I don’t see something that I cannot do with my current VPN setup.
Thanks!
If you want to protect data on your local network (and you should) you will want a reverse proxy to allow you to use SSL on all your services. A reverse proxy allows you to easily implement SSL on apps that are only exposed as HTTP (unencrypted).
If you have multiple services, you will need to use a reverse proxy. For instance, let’s say you’re running a website, a document repository, Nextcloud for personal cloud, etc. They all listen on port 80 for HTTP and 443 for HTTPS. How will you set up port forwarding to all of these servers? That’s where a reverse proxy comes in. You can specify specific subdomains and redirect to the correct servers.
You can also do SSL stripping and other stuff using reverse proxy.
But if you’re using only one service and use VPN to connect to your network, you don’t need a reverse proxy.
The services all have different IP addresses. You set up your containers and virtual network to use multiple IP addresses on a single physical interface connection.

192.168.1.100:34000 is Plex
192.168.1.101:80 is Website
192.168.1.102:80 is Website 2

I can turn on my VPN and type any of them into the address bar to access them.
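The hostname-based routing and TLS termination discussed above, written as an nginx reverse-proxy configuration. This is an added example, not something posted by anyone in the thread; the hostnames (`site1.home.example`, `site2.home.example`) and certificate paths are assumptions, and the backend addresses are the two websites listed above.

```nginx
# Added example: hostnames and certificate paths are constructed placeholders.
# Place inside the http {} context (for example, a file under conf.d/).

# Catch-all: refuse the TLS handshake for any name not listed below,
# so unknown hostnames never reach a backend (needs nginx 1.19.4+).
server {
    listen 443 ssl default_server;
    ssl_reject_handshake on;
}

# Send plain-HTTP requests for the proxied names to HTTPS.
server {
    listen 80;
    server_name site1.home.example site2.home.example;
    return 301 https://$host$request_uri;
}

# "Website" (192.168.1.101:80): TLS ends here, plain HTTP to the backend.
server {
    listen 443 ssl;
    server_name site1.home.example;
    ssl_certificate     /etc/nginx/certs/site1.home.example.crt;  # placeholder
    ssl_certificate_key /etc/nginx/certs/site1.home.example.key;  # placeholder
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://192.168.1.101:80;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# "Website 2" (192.168.1.102:80): same pattern, different hostname.
server {
    listen 443 ssl;
    server_name site2.home.example;
    ssl_certificate     /etc/nginx/certs/site2.home.example.crt;  # placeholder
    ssl_certificate_key /etc/nginx/certs/site2.home.example.key;  # placeholder
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://192.168.1.102:80;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

The hop from the proxy to each backend is still unencrypted HTTP, so the proxy and the backends should sit on a network segment you trust.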
TL;DR: Probably not, but you may find it useful for other reasons.
Full thoughts: VPNs and Reverse Proxies are different things; a Reverse Proxy doesn’t replace a VPN but can supplement it.
A VPN connects you to a network that you’re not physically on, encrypting your traffic along the way. Once traffic hits the network, the VPN has done its job. Think of it as a limo. You can’t tell what’s inside but it gets you there safely.
A Reverse Proxy has no effect on traffic until it’s at your network. It’s like a directory listing in a shared building, you can have 10 offices in a building with 1 door but you need a way to get to the offices once you go through the main door.
So what does that have to do with security? Well, first of all a reverse proxy is specifically designed to be internet facing, not every other webservice is…so things like malformed HTTP traffic will be dropped before it gets to the web service you’re running. Reverse Proxies also handle redirects, HTTPS (some webservices can handle TLS but it’s often put off to the proxy), and plenty of other features. Of course a VPN has all that same security (being designed to be webfacing).
Is there any reason for these Reddit bot posts? I see people replying to them like they think they’re actually Lemmy posts
A reverse proxy is handy to have even in the presence of a VPN. There are still some applications with thoroughly outdated SSL stacks that are difficult or impossible to secure, for example. A reverse proxy can terminate these connections over a privileged local management network, and accept client connections using a more modern encryption scheme (and even add multi-factor authentication if required).
As others have said though, if you’re happy to continue using a VPN to access your self-hosted services, in principle there is no problem with doing so.
Assuming you can connect to the VPN from anywhere in the world - it’s an exposed service that could potentially be a target for prying eyes. If you’ve got systems in place to try to detect unwanted attempts to connect then neat :)
I’ve just switched off my WireGuard VPN and am trialing out Cloudflare Tunnels (free offering only) and find it great.
A really nice feature is that you can set up rules for “apps” - only connections originating from my country and with an approved e-mail address can proceed through the tunnel.
Everything I’ve set up is limited to HTTP/S traffic, and I’ve had to migrate my domain to Cloudflare… don’t see myself going back to VPN (anytime soon).