Topic: Pros & Cons – Firewall vs. Reverse Proxy (Read 1026 times)
9axqe
« on: March 22, 2024, 05:23:56 pm »
Hello, I am trying to set up immich on my home NAS and I am brainstorming what's the best strategy for network connectivity, especially for guests (I regularly share photos with family, friends, etc.).
Immich is set up in Docker on a Synology NAS. I already use the Synology reverse proxy locally.
First, IPv4 vs. IPv6: I am tempted to make it IPv6-only. It simplifies a lot of things when it comes to keeping traffic local when on the home network. This decision is also entangled with the next point.
Second, securing the connection: geoBlock is one idea, what else would you recommend? The problem is, it's TLS up to the Syno reverse proxy.
Alternatively, I enable the caddy reverse proxy on opnsense and I daisy-chain caddy and the synology reverse proxy (I assume this should work fine), as caddy can then inspect the content of the traffic and probably significantly improve security. IPv4 also becomes a no-brainer if using caddy on the opnsense router.
Any experience with having two reverse proxies daisy-chained and with the security benefits of using caddy vs. "just" opnsense?
Monviech (Cedrik)
« Reply #1 on: March 22, 2024, 05:48:20 pm »
There are no real security benefits (except encryption of http/s traffic) from using caddy as a reverse proxy. Its benefit is being a TLS Termination Proxy that gets you easy TLS Certificates for your websites. You only get enhanced security (in addition to encryption) if you combine it with crowdsec.
https://docs.opnsense.org/manual/how-tos/caddy.html#integrating-caddy-with-crowdsec
Also, running two reverse proxies daisy-chained will give you a bad experience. You should choose one and let it handle all the proxying.
Hardware: DEC740
9axqe
« Reply #2 on: March 22, 2024, 06:23:03 pm »
Thanks for the feedback. I'll go with the firewall, as I already have crowdsec configured on opnsense.
Do you know if crowdsec will also monitor traffic which is not directed at the WAN interface of the opnsense router but rather an IPv6 (GUA) on the home network behind it?