2023-12-08, 05:18 PM
(2023-12-08, 08:07 AM)enesha Wrote: Thanks for the reply. I am still a little unclear.
Multi services one port...could be useful I suppose. I understand that JF isn't hardened, but how does that apply here? Seems like you said the reverse proxy would handle the SSL handshake and choose the cipher..ok sure, but doesn't it just pass things on to the server after that? How is that functionally more secure than having JF do the handshake if the data is then just passed through the proxy to the server? It would be the same cert, right? So after the encryption is negotiated, the proxy would just pass anything good or bad through to the server anyway, right? Perhaps taking the CPU strain of the initial encryption from the host machine and putting that on the proxy?
How would it provide more security than the hardened network appliance I use as a gateway now? I don't just hang jf off a public IP and hope for the best.
What would you do if you wanted to let's say, expose jellyseerr or jfa-go for external access. You've already mapped 443 to jellyfin, so this is where a reverse proxy comes in handy. Multiple services all behind 443.
Caddy also has a couple of geo restriction modules I find handy. You can set up geofence to block IPs outside a certain range from your server, or use the maxmind module to allow/deny countries or postal codes. Very useful.
Another great use is using a reverse proxy and DNS server to supply .local domains to your services.
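
Added example, not part of the original post: a Caddyfile sketch of the "multiple services all behind 443" layout, with one service limited to known client ranges. The hostnames, LAN address, upstream ports and allowed ranges are assumptions, and the restriction uses Caddy's built-in `remote_ip` matcher rather than the geofence or maxmind modules mentioned above.

```caddyfile
# Constructed example: hostnames, the 192.168.1.10 backend, the upstream
# ports and the allowed client ranges are all assumptions for illustration.

# Each site block is selected by the hostname the client asks for, so all
# three services share the single port 443 forwarded on the gateway.
jellyfin.example.com {
	reverse_proxy 192.168.1.10:8096
}

requests.example.com {
	reverse_proxy 192.168.1.10:5055
}

invite.example.com {
	# Match any client whose address is NOT in the listed ranges.
	@outside not remote_ip 192.168.1.0/24 203.0.113.0/24

	# Close the connection for those clients before anything reaches
	# the backend; requests from allowed ranges fall through to the proxy.
	abort @outside

	reverse_proxy 192.168.1.10:8056
}
```

Requests for a hostname that has no site block never reach any backend, so only the services listed here are exposed through the forwarded port.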