aries/nginx/README.md

# nginx reverse proxy
One of the neat features of aries is that there is an HTTP/HTTPS reverse proxy that I use to securely expose some of my services to the internet.

### HTTP -> HTTPS redirect
HTTPS is forced

### Let's Encrypt TLS Termination
Since this nginx is exposed to the internet, I have setup a script that will generate a publicly trusted Let's Encrypt certificate for HTTPS sessions. On my LAN, my HTTPS services all use certificates generated from my internal certificate authority, so they would never be publicly trusted.

### Domain names only
No connections by IP only are allowed, everyone must have a hostname when conencting.

### conf.d
For simple deployments, all internal services that I would like to expose to the internet can be setup using `.conf` files in the `conf.d` directory. For Let's Encrypt to generate a certificate for a domain name, these configs need to supply a domain name which is publicly accessible.
Added README.md 2020-03-18 19:15:35 -04:00			`# nginx reverse proxy`
			`One of the neat features of aries is that there is an HTTP/HTTPS reverse proxy that I use to securely expose some of my services to the internet.`

			`### HTTP -> HTTPS redirect`
			`HTTPS is forced`

			`### Let's Encrypt TLS Termination`
			`Since this nginx is exposed to the internet, I have setup a script that will generate a publicly trusted Let's Encrypt certificate for HTTPS sessions. On my LAN, my HTTPS services all use certificates generated from my internal certificate authority, so they would never be publicly trusted.`

			`### Domain names only`
			`No connections by IP only are allowed, everyone must have a hostname when conencting.`

			`### conf.d`
updated readme 2020-03-18 19:18:04 -04:00			For simple deployments, all internal services that I would like to expose to the internet can be setup using `.conf` files in the `conf.d` directory. For Let's Encrypt to generate a certificate for a domain name, these configs need to supply a domain name which is publicly accessible.