v10.17 (build: May 28 2024)

Server behind the DMZ



It is not always safe for remote employees to open server ports on the Internet due to network attacks.
As a solution to the problem, you can use reverse-proxy in the "Demilitarized Zone" (DMZ).
The proxy will redirect TCP traffic from remote clients to the server in the intranet.
Thus, with massive network attacks, the complex server will be less vulnerable.

As a proxy-server you can use nginx in reverse-proxy mode (ngx_stream_proxy_module).
Below is an example of settings for nginx when proxying from external port 12345 to internal complex server:22222
stream {

 server {
  listen 12345;
  proxy_pass server:22222;
 }

}

When installing the client part, it is recommended to specify the external proxy IP in the connection line, separated by comma after the internal IP. In this case, the client will automatically reconnect to the external address if there is no connection with the internal corporate server.

© Scopd