14 lines
867 B
Markdown
14 lines
867 B
Markdown
# nginx reverse proxy
|
|
One of the neat features of aries is that there is an HTTP/HTTPS reverse proxy that I use to securely expose some of my services to the internet.
|
|
|
|
### HTTP -> HTTPS redirect
|
|
HTTPS is forced
|
|
|
|
### Let's Encrypt TLS Termination
|
|
Since this nginx is exposed to the internet, I have setup a script that will generate a publicly trusted Let's Encrypt certificate for HTTPS sessions. On my LAN, my HTTPS services all use certificates generated from my internal certificate authority, so they would never be publicly trusted.
|
|
|
|
### Domain names only
|
|
No connections by IP only are allowed, everyone must have a hostname when conencting.
|
|
|
|
### conf.d
|
|
For simple deployments, all internal services that I would like to expose to the internet can be setup using `.conf` files in the `conf.d` directory. Let's Encrypt uses these configs to verify a domain name. |