npub1tj54dz997wrdyqgf8sc36z3upy3ld0ujmwqyx42dtqxcwc7l68fqlx5ry2 (npub1tj5…5ry2) Even if in theory I could put both Keycloak and nginx to run directly behind my residential router and expose the ports directly, this isn't what I've done (neither what I've done for most of my web-based services).
I have a Linode box with a static public IP that runs nginx as a pure reverse proxy, it has some VPN interfaces configured, and it reverse proxies requests to the devices behind my router over VPN.
It may be excess of precaution, but in general I avoid exposing HTTP-based services directly through my residential router - better to have an external box connected over controlled VPN connections to reverse proxy the requests.
Fabio Manganiello /
npub1v7…ukv0u
2023-08-03 00:26:08
in reply to nevent1q…p48h
Author Public Key
npub1v78mmuz20p6qd6nve30axhqu74avwn4f6z4grhug7755rat7wh3syukv0uPublished at
2023-08-03 00:26:08Event JSON
{
"id": "0943c16b7dd89bfb7b3f311fb8386cc3f2fbf41ae36bd0e39c12123c73fb5a96",
"pubkey": "678fbdf04a787406ea6ccc5fd35c1cf57ac74ea9d0aa81df88f7a941f57e75e3",
"created_at": 1691015168,
"kind": 1,
"tags": [
[
"p",
"5ca95688a5f386d201093c311d0a3c0923f6bf92db8043554d580d8763dfd1d2",
"wss://relay.mostr.pub"
],
[
"p",
"6bcc5d6c6c03ca87494130e65fd4db3e4b0dcd53b331d6bbf9ab538458caff34",
"wss://relay.mostr.pub"
],
[
"e",
"dcabc10b8bd7e2878e4bbae35d1afd28c8006429519eddbc333f188dceb39dc3",
"wss://relay.mostr.pub",
"reply"
],
[
"mostr",
"https://social.platypush.tech/users/blacklight/statuses/110822370075247322"
]
],
"content": "nostr:npub1tj54dz997wrdyqgf8sc36z3upy3ld0ujmwqyx42dtqxcwc7l68fqlx5ry2 Even if in theory I could put both Keycloak and nginx to run directly behind my residential router and expose the ports directly, this isn't what I've done (neither what I've done for most of my web-based services).\n\nI have a Linode box with a static public IP that runs nginx as a pure reverse proxy, it has some VPN interfaces configured, and it reverse proxies requests to the devices behind my router over VPN.\n\nIt may be excess of precaution, but in general I avoid exposing HTTP-based services directly through my residential router - better to have an external box connected over controlled VPN connections to reverse proxy the requests.",
"sig": "b213541a96fd261eb51f7501a0550052d6e216ae84e61afa184e6629e00809ceb7632409c59d87411e0464c910fcee89af8481212e38905a5f70b87522a4300f"
}