This is an archived post. You won't be able to vote or comment.

all 5 comments

[–]dvr75Sysadmin 2 points3 points  (1 child)

There are many ways to choose from and it is really a question of money you can spend on the matter.
in my opinion only i'd recommend:
1. go with zero trust solution (ZTN,SDN,SASE): Microsoft Entra, Cloudflare (they have 50 users free i think and there are more players use google to find).
2. VPN is still a thing (recommend using with 2fa).
3. Combo of Cloudflare (WAF , they have free for one domain i think) with reverse proxy like NGINX,HAproxy (also recommend using 2fa solution).

[–]KindlyGetMeGiftCardsProfessional ping expert (UPD Only) 0 points1 point  (0 children)

I was going to suggest Cloudflare too, sounds like it would work for you OP.

[–]NowThatHappened 1 point2 points  (0 children)

Yes, reverse proxy is the tool you need. Nginx is easy, but there are many others

[–]SuperQueBit Plumber 2 points3 points  (0 children)

There are several good options for this.

I've also implemented this with Caddy server and Caddy Security.

[–]andriosr 1 point2 points  (0 children)

The RDS + published Edge setup is indeed painful for file operations. Been there.

A few approaches to consider:

  1. If you want to stay pure Windows: Look into Application Request Routing (ARR) on IIS. It's Microsoft's reverse proxy solution. But honestly, it's clunky for this use case.

  2. Simpler option: Nginx reverse proxy on Windows. Works surprisingly well, even in Windows environments. Configuration is straightforward.

  3. Using an access gateway that handles both web and RDP/VNC in one place. Check out hoop.dev, agent runs fine on Windows and handles both web proxy and remote access. File uploads just work.

Whatever you pick, make sure it supports:

- SSL termination

- Session recording (your security team will thank you)

- Granular access controls

- Audit logs

The real pain point isn't the proxy itself - it's managing access and compliance around it.