🌨️ 💻

  • 0 Posts
  • 15 Comments
Joined 11 months ago
Cake day: December 1st, 2023
  • noobface@lemmy.worldtoSelfhosted@lemmy.worldHelp with reverse proxy architectureEnglish
    3·
    7 months ago

    Are you running redundant routers, connections, ISPs…etc? Compromise is part of the design process. If you have resiliency requirements redundancy will help, but it ratchets up complexity and cost.

    Security has the same kinds of compromises. I prefer to build security from the network up, leveraging tools like VLANs to start building the moat. Realistically, your reverse proxy is likely battle tested if it’s configured correctly and updated. It’ll probably be the most secure component in your stack. If that’s configured correctly and gets popped, half the Internet is already a wasteland.

    If you’re running containers, yeah technically there are escape vectors, but again your attacker would need to pop the proxy software. It’d probably be way easier to go after the apps themselves.

    Do something like this with NICs on each subnet:

    DMZ VLAN <-> Proxy <-> Services VLAN

  • noobface@lemmy.worldtoProgrammer Humor@programming.devThe falsehoods of a senior developer
    42·
    9 months ago

    There are answers, they just take a level of experience to reach that most people aren’t cut out for. You gotta be several principal+ IC roles or Dir+ mgr roles in before the patterns congeal into a plan.

    Challenge is operating at those levels for extended periods requires a super fucking insane level of competency and dedication. Most people hit that spot and coast till retirement cause you’re at $500k+ at FAANG. Few keep looking for new opportunities unless forced to or they’re those corporate robot sharks with the dead eyes.