Just learned how to do a reverse proxy
-
There is an official guide by Authentik on how to integrate with Immich.
There is an official guide by Immich on how to integrate with Authentik. -
The only thing I don't like about caddy is that using DNS challenge requires recompiling the program itself, and the plugins themselves can be a bit quirky. Mind you, you can easily handle this with a separate program like
legoorcertbotso not a huge deal. -
Used to mess around with multiple Apache Proxy Servers. When I left that job I found Docker and (amongst other things) NPM and I swear, I stared at the screen in disbelief on how easy the setup and config was. All that time we wasted on Apache, the issues, the upgrades, the nightmare in setting it all up...
If I were to do that job again I would not hesitate to use NPM 100% and stop wasting my time with that Apache Proxy mess.
-
Actually my ISP supports IPv6 (it is very erratic though) so I can access some of my services outside through it without using VPNs (only using a reverse proxy for the 443 port), but still is very annoying when I want to use them with IPv4 only networks, such as my carrier mobile data, I suffer from this especially when wanting to use Plex.
-
I’ve never had iOS shut my VPN off, and I use a kill switch so I would immediately know.
-
NPM
Nginx-Proxy-Manager. Got it.
I didn't read the parent comment well enough and was wondering what the Node Package Manager had to do with anything
-
Those ones are fun. If you delete an SSL certificate and haven't removed it from a proxy, the entire container goes down and you have to trawl through logs to find what went wrong.
-
None of those have to be public and can all be accessed with WireGuard. You just proved my point, moron
-
Why don’t we just throw Lemmy behind wireguard while we’re at it.
Literally anything can go behind a VPN. Doesn’t mean much at all. And the majority of those are commonly left on the open internet for friends and family, which would be annoying af to set up with WireGuard.
I have enough issues dealing with VPN issues in my professional life, I don’t want to have to deal with them in my personal life as well.
-
Tells me everything I need to know that you struggle with WireGuard... it's dead simple. And can be completely automated so your household literally doesn't need to do anything and their devices automatically connect to it.
-
Yeah port forwarding just isnt the same. I pretty heavily rely on Nextcloud and Plex doing the port forwarding for me
-
Plex can sometimes get by without port forwarding by using UPnP or NAT-PMP, but I had to open a port to use Plex (before I started using Jellyfin and a reverse proxy).
Same with Nextcloud, you either have to open a port or use a reverse proxy. Reverse proxy is more secure. Good stuff!
Worth mentioning that either way you're opening up ports (you need to open 80 and 443 for the reverse proxy), but that's much better than opening a bunch of ports, one for each thing you're running.
The hardcore security minded people will always scream "use wireguard or whatever", which also works really well (even combined with a reverse proxy that's not exposed to the internet (80 and 443 not forwarded)). I do this for some of the stuff I run that I don't want exposed at all, like my password manager. To access my password manager while out and about, I need to connect to my wireguard thing (my router sets it up for me), and then my phone is effectively back inside my LAN, and I can access whatever I need to. Fortunately it's rare that I need to do this, because my password manager keeps a cached copy on my phone.
Sorry, getting long winded. You get the point!
-
Yeah both Nginx and plex handle making themselves public for me already. But I have a handful of other svcs that id like to move behind a reverse proxy too
