# nginx reverse proxy
One of the neat features of aries is that there is an HTTP/HTTPS reverse proxy that I use to securely expose some of my services to the internet.

### HTTP -> HTTPS redirect
HTTPS is forced

### Let's Encrypt TLS Termination
Since this nginx is exposed to the internet, I have setup a script that will generate a publicly trusted Let's Encrypt certificate for HTTPS sessions. On my LAN, my HTTPS services all use certificates generated from my internal certificate authority, so they would never be publicly trusted.

### Domain names only
No connections by IP only are allowed, everyone must have a hostname when conencting.