Now, given the above conflicting advice, I am unsure whether this should be closed to ensure security or left open now that we want to setup the reverse proxy. While I was unable to access the chat server remotely before, I was, after this change, then able to access the pi on their public-ip:3000 in browser. Where we are up to so far is that yesterday I told him to forward port 3000 of public-ip to internal port 3000 of the pi. So I have to ask questions and then gather info beforehand to relay to him to make the changes. What makes it more cumbersome is that I am doing this remotely for a network that isn’t mine and the owner only has small windows of about an hour at a time a couple of times a week to make changes to the router settings. So yea I really don’t know what is correct right now. Others again say you should not port forward anything at all as the reverse proxy will handle it all without exposing any ports. Others still say you should port forward 3000 as well as 443 for ssl and 80 for the redirect to ssl. Others say you should never expose any port as it is a security hole. Some say you should forward only port 3000 from public-ip of the network to the pi’s ip. I have received very conflicting replies so for when asking on general networking/self hosting based forums about what ports have to be forwarded to the pi for this to work correctly. Don’t have the errors as it was days ago but besides I have more familiarity with nginx since I used it successfully about a year ago for another rocketchat server. I am planning to go with nginx for the reverse proxy because when I tried with snap and caddy some errors came up which I looked on github seem to be a bug. Now I am quite confused about what ports have to be opened if using reverse proxying. Handed the pi back to the owner where the server will be homed on their home network, which we want to give internet access for others to join. I have installed rocketchat on a pi3 b via snaps.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |