I’m happily serving a few websites and services publicly. Now I would like to host my Navidrome server, but keep the contents private on the web to stay out of trouble. I’m afraid that when I install a reverse proxy, it’ll take my other stuff online offline and causes me various headaches that I’m not really in the headspace for at the moment. Is there a safe way to go about doing this selectively?

  • Max@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    2 months ago

    How will a reverse proxy help?

    Things that a reverse proxy is often used for:

    • making multiple services hosted on the same IP and port
    • SSL termination so that the wider world speaks https and the proxy speaks http to the server. This means the server doesn’t have to do its own key management
    • load balancing services so multiple servers can serve the same request (technically a load balancer but I believe some reverse proxies do basic load balancing)
    • adding authentication in front of services that don’t have their own (note that some of the protections/utility is lost if you use http. Anyone who can see your traffic will also be able to authenticate. It’s not zero protection though because random internet users probably can’t see your traffic)
    • probably something I’m forgetting

    Do any of these match what you’re trying to accomplish? What do you hope to gain by adding a reverse proxy (or maybe some other software better suited to your need)?

    Edit: you say you want to keep this service ‘private from the web’. What does that mean? Are you trying to have it so only clients you control can access your service? You say that you already have some services hosted publicly using port forwarding. What do you want to be different about this service? Assuming that you do need it to be secured/limited to a few known clients, you also say that these clients are too weak to run SSL. If that’s the case, then you have two conflicting requirements. You can’t simultaneously have a service that is secure (which generally means cryptographically) and also available to clients which cannot handle cryptography.

    Apologies if I’ve misunderstood your situation

    • FarraigePlaisteach@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 month ago

      Thank you for the very informative reply.

      The HTTP and Gemini services are for vintage clients, but I would like the reverse proxy to keep my media collection private (and maybe SSH and SMB too). So I’m serving to modern clients in the case of reverse proxy. I was told that port forwarding is no longer considered secure enough and that if my media gets publicly exposed I could be liable for damages to license holders.