|
|
|
|
|
|
by ziml77
49 days ago
|
|
|
I think he wants Traefik's proxied requests to come from a different subnet, that way externally you need to authenticate but internally you don't. Personally I wouldn't bother with that and instead I would not directly expose the service to the internet at all, and just use a VPN. I don't trust that any services I run are safe to expose to the internet unless they are very intentionally designed for that. |
|
|
At the end of the post I mention, that having proper separation would've helped, but again, that's a whole project...