Hey! Sorry for the repeating question, I have a very specific question though.
For context, I access my services using a VPN, and that’s been great. However, I’ve been seeing a lot of people mentioning reverse proxies. Are they necessary or more of a convenience thing? I ask because I don’t see something that I cannot do with my current VPN setup.
Thanks!
No, a reverse proxy is for a web service provider to use, usually for wiring up different backends for different routes, having one place to do rate limiting and TLS termination etc. A forward-proxy (or just “proxy”) functions in a way that is similar to a VPN, but you don’t need both and a VPN is more thorough in the types of traffic it supports and the security of encryption it provides.
Are they necessary or more of a convenience thing?
Convenience.
Dunno why top answer is necessity, you absolutely can rock open multiple ports that go to different things, same as OP does now through VPN.
But convenience is a big thing… I love caddy reverse proxy for its simplicity and robustness. Here is a docker guide if you wanna try it.
I say it’s a necessity not from a technical standpoint (of course you can just forward random ports directly to services), but from a “doing things the right way” standpoint. Especially if you’re intending to expose services which aren’t expressly designed with internet exposure in mind, a reverse proxy is hugely important for security as far as implementing SSL and authentication.
A reverse proxy will let you write domain name -> IP. People use them even in private networks to remove the need to remember a bunch of IPs. They can be used in conjunction with exposed services but exposing them you would do somewhere else (port forwarding in your router).
If you use your services for yourself or family, you don’t need a reverse proxy, but to share some of your services to the public or your friends, you need a reverse proxy in order to let them use/remember your domain name without knowing your public IP given by your ISP; for convenience and security reasons.
It’s convenient for some services like jellyfin that have a companion app. It’s much easier to just point the app to a domain name you control to get everything working without vpn. The certificate support is nice too.
Say for instance you have a family member that you know won’t be taking the time to set up VPN configs to access this device. It’s easy to just say here is the link the app is asking for and here is your username/password.
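For reference, a Caddyfile sketch of the setup the replies above describe (one domain name per service, HTTPS and authentication handled at the proxy). This is an added example, not configuration posted by anyone in the thread; the hostnames, LAN addresses, user name and password hash are placeholders, and it assumes Caddy 2.8 or later (older releases spell the directive `basicauth`).

```caddyfile
# Constructed example: hostnames, LAN addresses and the user name are placeholders.
# The router forwards only ports 80 and 443 to the machine running Caddy;
# the backend ports below are never exposed to the internet directly.

# Jellyfin has its own login, so the proxy only adds HTTPS in front of it.
# Caddy obtains and renews the certificate for this name automatically.
jellyfin.example.com {
	reverse_proxy 192.168.1.20:8096
}

# A service with no login of its own: require HTTP basic auth at the proxy
# before any request reaches the backend.
notes.example.com {
	basic_auth {
		# Replace the placeholder with the output of `caddy hash-password`.
		alice REPLACE_WITH_BCRYPT_HASH
	}
	reverse_proxy 192.168.1.21:3000
}
```

`caddy validate --config Caddyfile` checks the file before it is loaded.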