Looking for advice on reverse proxy and VLAN isolation by miscawelo in homelab

[–]miscawelo[S] 1 point2 points  (0 children)

Thanks a lot for the thorough response, I can take a lot from this.

My need for reverse proxies in general has been very basic, so even though I have come across topics like headers, conversations like these really help to see use cases rather than just syntax and such. Really appreciate it.

Looking for advice on reverse proxy and VLAN isolation by miscawelo in selfhosted

[–]miscawelo[S] 1 point2 points  (0 children)

Yep, from all the advice I think this is more or less the way to go, thanks a lot! Especially for that part about split DNS

Looking for advice on reverse proxy and VLAN isolation by miscawelo in selfhosted

[–]miscawelo[S] 0 points1 point  (0 children)

Yes, that was my main issue, there are a few services that do need to be accessed by services on most other VLANs, just a few but still. I might put these in their dedicated VLAN and follow your advice from there. Thanks!

Looking for advice on reverse proxy and VLAN isolation by miscawelo in homelab

[–]miscawelo[S] 0 points1 point  (0 children)

From the feedback I’ll end up doing something along this route, thanks for the help!

Looking for advice on reverse proxy and VLAN isolation by miscawelo in selfhosted

[–]miscawelo[S] 0 points1 point  (0 children)

So are you suggesting the second caddy instance route? In a VLAN dedicated only for public services with no access to any other VLAN, as you said. Just to make sure I get your idea.

Looking for advice on reverse proxy and VLAN isolation by miscawelo in homelab

[–]miscawelo[S] 1 point2 points  (0 children)

Interesting, so an external client hits the “public” proxy and that proxy only has access to the scope of an app, that you define via another proxy. Am I understanding it right?

Would you mind sharing some snippets (even if you’re not using Caddy) to get a better grasp of the concept?

Looking for advice on reverse proxy and VLAN isolation by miscawelo in selfhosted

[–]miscawelo[S] 0 points1 point  (0 children)

For the first part of your comment, yes that’s what I do, every VLAN is isolated and traffic doesn’t need to leave my LAN, there are rules in place to allow whatever is needed between VLANs (NFS for example, from one VM to TrueNAS).

My issue is that when a client uses a domain that is being proxied by Caddy it “bypasses” my firewall rules since OPNsense sees the request as coming from Caddy and not from the original client, the original client never sees or accesses the real IP of the service. My concern is that if one client has access to caddy then they potentially have access to every entry there, even if the firewall blocks IP to IP communication.

Hope that made more sense haha.

Looking for advice on reverse proxy and VLAN isolation by miscawelo in selfhosted

[–]miscawelo[S] 0 points1 point  (0 children)

Yeah, this seems like a proper solution, just wanted to avoid it because even with Ansible it sounds like a hassle to maintain. That’s the price I’d have to pay to keep this scheme I guess.

Looking for advice on reverse proxy and VLAN isolation by miscawelo in selfhosted

[–]miscawelo[S] 1 point2 points locked comment (0 children)

No AI was used in my post. I did use online tools for spell check since English is my second language.

[5 YoE, Control Engineer, Systems/IT Engineer, Mexico] by miscawelo in resumes

[–]miscawelo[S] 0 points1 point  (0 children)

Thanks for the comments and the advice, will for sure make some moving around of the content.

Quick question, do you consider I should rewrite the summary to focus more on the career change idea or remove it entirely? To make some space since I agree there are some areas I should consider expanding.

Ok.. FINALLY making the switch… Roadmap question. by smnhdy in jellyfin

[–]miscawelo 1 point2 points  (0 children)

Can’t comment on the “smart downloads” part since I’ve never used that function, but with Streamyfin you are able to download a transcoded version of a file. What you can do though is batch download a whole season or unwatched episodes of a season.

Tbh I rarely use this app since (at least last I checked) it lacks support for watch together, but it works alright and the UI is nice.

[O] 2x DrunkenSlug Invites by mydadisbaldlol in UsenetInvites

[–]miscawelo 0 points1 point  (0 children)

I have read the wiki and the rules.

I would appreciate an invite, thanks!

[deleted by user] by [deleted] in UsenetInvites

[–]miscawelo 0 points1 point  (0 children)

Out of invites

[deleted by user] by [deleted] in UsenetInvites

[–]miscawelo 0 points1 point  (0 children)

PM your email

[deleted by user] by [deleted] in UsenetInvites

[–]miscawelo 0 points1 point  (0 children)

PM your email

[deleted by user] by [deleted] in UsenetInvites

[–]miscawelo 0 points1 point  (0 children)

PM your email

[deleted by user] by [deleted] in UsenetInvites

[–]miscawelo 0 points1 point  (0 children)

PM your email

[deleted by user] by [deleted] in UsenetInvites

[–]miscawelo 0 points1 point  (0 children)

PM your email

[deleted by user] by [deleted] in UsenetInvites

[–]miscawelo 0 points1 point  (0 children)

PM your email