# nginx reverse proxy
One of the neat features of aries is that there is an HTTP/HTTPS reverse proxy that I use to securely expose some of my services to the internet.

### HTTP -> HTTPS redirect
HTTPS is forced

### Let's Encrypt TLS Termination
Since this nginx is exposed to the internet, I have setup a script that will generate a publicly trusted Let's Encrypt certificate for HTTPS sessions. On my LAN, my HTTPS services all use certificates generated from my internal certificate authority, so they would never be publicly trusted.

### Domain names only
No connections by IP only are allowed, everyone must have a hostname when conencting.

### conf.d
For simple deployments, all internal services that I would like to expose to the internet can be setup using `.conf` files in the `conf.d` directory. Let's Encrypt uses these configs to verify a domain name.