Fabio Manganiello on Nostr: npub1tj54d…x5ry2 Even if in theory I could put both Keycloak and nginx to run ...
npub1tj54dz997wrdyqgf8sc36z3upy3ld0ujmwqyx42dtqxcwc7l68fqlx5ry2 (npub1tj5…5ry2) Even if in theory I could put both Keycloak and nginx to run directly behind my residential router and expose the ports directly, this isn't what I've done (neither what I've done for most of my web-based services).
I have a Linode box with a static public IP that runs nginx as a pure reverse proxy, it has some VPN interfaces configured, and it reverse proxies requests to the devices behind my router over VPN.
It may be excess of precaution, but in general I avoid exposing HTTP-based services directly through my residential router - better to have an external box connected over controlled VPN connections to reverse proxy the requests.
Published at
2023-08-02 22:26:08Event JSON
{
"id": "0943c16b7dd89bfb7b3f311fb8386cc3f2fbf41ae36bd0e39c12123c73fb5a96",
"pubkey": "678fbdf04a787406ea6ccc5fd35c1cf57ac74ea9d0aa81df88f7a941f57e75e3",
"created_at": 1691015168,
"kind": 1,
"tags": [
[
"p",
"5ca95688a5f386d201093c311d0a3c0923f6bf92db8043554d580d8763dfd1d2",
"wss://relay.mostr.pub"
],
[
"p",
"6bcc5d6c6c03ca87494130e65fd4db3e4b0dcd53b331d6bbf9ab538458caff34",
"wss://relay.mostr.pub"
],
[
"e",
"dcabc10b8bd7e2878e4bbae35d1afd28c8006429519eddbc333f188dceb39dc3",
"wss://relay.mostr.pub",
"reply"
],
[
"mostr",
"https://social.platypush.tech/users/blacklight/statuses/110822370075247322"
]
],
"content": "nostr:npub1tj54dz997wrdyqgf8sc36z3upy3ld0ujmwqyx42dtqxcwc7l68fqlx5ry2 Even if in theory I could put both Keycloak and nginx to run directly behind my residential router and expose the ports directly, this isn't what I've done (neither what I've done for most of my web-based services).\n\nI have a Linode box with a static public IP that runs nginx as a pure reverse proxy, it has some VPN interfaces configured, and it reverse proxies requests to the devices behind my router over VPN.\n\nIt may be excess of precaution, but in general I avoid exposing HTTP-based services directly through my residential router - better to have an external box connected over controlled VPN connections to reverse proxy the requests.",
"sig": "b213541a96fd261eb51f7501a0550052d6e216ae84e61afa184e6629e00809ceb7632409c59d87411e0464c910fcee89af8481212e38905a5f70b87522a4300f"
}