Reverse Proxy

From Sea of Fate
Revision as of 10:39, 16 February 2026 by Wikisailor (talk | contribs) (SSL Certs)

Introduction

The Reverse Proxy will be a Virtual Machine based on Nginx, as it is a fairly light install and will be easily capable of forwarding all traffic to the Webservers in the Home Lab.

Redirecting Unknowns

It should have a default website that forwards anything that is unknown to the main website. Another redirect should be set up for anything that appears as an IP address because it should be possible to get the IP address, maybe, even though most of the DNS entries at Cloudflare are proxied. I think that there should be a redirect in place for the MySQL Server and the SFTP server although it is unlikely to be a problem.
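
One way to write the catch-all described above in Nginx, as an added example that is not this wiki's actual configuration. The redirect target https://seaoffate.net, the certificate paths and the backend address 192.0.2.10 are assumptions.

```nginx
# Added example. Assumed: main site URL, certificate paths, backend address.

# Catch-all for plain HTTP. Any request whose Host header matches no other
# server block (unknown name, bare IP address, empty Host) lands here.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;

    # Redirect to the site root so the original path is not carried over.
    return 301 https://seaoffate.net/;
}

# Catch-all for HTTPS. A certificate is still needed to complete the TLS
# handshake before the redirect can be sent.
server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name _;

    ssl_certificate     /etc/nginx/ssl/PLACEHOLDER-fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/PLACEHOLDER-key.pem;

    return 301 https://seaoffate.net/;
}

# A known site: only requests for this exact name are forwarded to a backend.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name wiki.seaoffate.net;

    ssl_certificate     /etc/nginx/ssl/PLACEHOLDER-fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/PLACEHOLDER-key.pem;

    location / {
        proxy_pass http://192.0.2.10:80;   # constructed backend address
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

A client that connects over HTTPS by IP address will see a certificate name warning before the redirect is followed, because the certificate presented by the default server cannot match the IP. Check the file with `nginx -t` before reloading.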

SSL Certs

There are three types of SSL cert that we may use for our webservers: self-signed, Cloudflare origin (maybe not an actual type, but more on them later) and public SSL certs, in this case Letsencrypt SSL certs, as they are free to use. Both Cloudflare and self-signed certs can have a very long duration, but generally the life cycle of public certs is short, maybe a week.

Letsencrypt SSL Certs

The main advantage of the Letsencrypt SSL Certs is that they are instantly recognised and trusted by virtually every device that accesses the Internet. The downside is that they are usually only valid for a very short period, so they will need to be renewed frequently. To do the renewal there is a bot called acme.sh that will download the new cert within the required period, so it is not too much of a problem once it is set up. Like most certs, they can be either for a single domain name or for a wildcard domain, that is, all subdomains of a single high-level domain name, e.g. *.seaoffate.net. The main stipulation of Letsencrypt wildcard certs is that they only allow one level deep: wiki.seaoffate.net is fine as it is only one dot, but best.wiki.seaoffate.net would not be acceptable as it is two levels deep from the top (two dots). Incidentally, Cloudflare origin certs also only allow one level deep. For setup details of the certificate and the bot see here.


Self Signed SSL Certs

We can set up Self Signed SSL Certs, but they are of limited value now as Letsencrypt and Cloudflare origin Certs are so easy to acquire and at zero cost. The good thing about them, though, is that they can be a stopgap solution that requires minimal time. Further details can be found here.