FarraigePlaisteaċ @ FarraigePlaisteach @lemmy.world

Posts

19

Comments

315

Joined

2 yr. ago

My MD players still play but no longer record. I can’t find anyone in my country to repair / replace the record head.

Thank you again for the response. The summary is very helpful too.

It looks like I don’t need the reverse proxy, since the sensitive services* support authentication and HTTPS.

I would need the lighttpd service to be available over unsecured HTTP too, but if that’s not possible I could always use a different subdomain.

• A small music and film library

“The Chinese spying” - As opposed to the American spying?

That is such a clear explanation and makes a lot of sense, thank you again.

Since the services I’m interested in serving are authenticated then it sounds like HTTPS is what I need (which is what originally made the most sense to me). That’s a relief. I just need to figure out how to have separate HTTP and HTTPS services hosted from the one ARM service.

Thanks! Is the point of reverse-proxying your public-facing services to make them private?

I have a general idea. I appreciate the info :). I’ve made a point of having nothing sensitive in the contents or the requests (I don’t have any forms, for example. It’s all static pages).

Thank you for the very informative reply.

The HTTP and Gemini services are for vintage clients, but I would like the reverse proxy to keep my media collection private (and maybe SSH and SMB too). So I’m serving to modern clients in the case of reverse proxy. I was told that port forwarding is no longer considered secure enough and that if my media gets publicly exposed I could be liable for damages to license holders.

Linux running HTTP and Gemini servers. This is fine from home using port forwarding and afraid.org’s dynamic DNS.

They’re lightweight sites that exist to be accessed by vintage computers which aren’t powerful enough to run SSL.

That’s reassuring. Thanks, I was struggling with the concept and where to start but I should be fine now since I’m handy enough with a terminal.

Wonderful. Thank you!

Thanks, that’s a great explanation. I’m looking forward to being able to SSH in without port forwarding.

So those ports that I don’t put in the config remain publicly accessible? That would be perfect.

Thanks. You’re right about Navidrome supporting authentication. I’m using HTTP instead of HTTPS, though. I was advised to use a reverse proxy to avoid potential legal issues.

The standard is that everything gets captured by the proxy? I want to leave the HTTP and Gemini servers public. I also want those and SMB to remain accessible on the LAN.

Thank you so much. That clears up all my doubts. I’m running an ARM server ok the lan with port forwarding for HTTP (80) Gemini (1965) and SMB (not forwarded).

I made a typo in my original question: I was afraid of taking the services offline, not online.

The commentary will turn your brain to puree, though.

Thank you for having a conscience. I agree.

The pixelated look is fashionable at the moment. I wonder if that’s the reason.

It’s one thing to tweak a browser that comes in kit form from Mozilla’s code. It’s another thing altogether to continue maintaining it if Firefox ever dies. I don’t know if any of these clones have the kind of teams needed to do all the work Mozilla have done for them.