Server behind the DMZ

It is not always safe for remote employees to open server ports on the Internet due to network attacks.
As a solution to the problem, you can use reverse-proxy in the "Demilitarized Zone" (DMZ).
The proxy will redirect TCP traffic from remote clients to the server in the intranet.
Thus, with massive network attacks, the complex server will be less vulnerable.

As a proxy-server you can use nginx in reverse-proxy mode (ngx_stream_proxy_module).
Below is an example of settings for nginx when proxying from external port 12345 to internal complex server:22222

stream {

 server {
  listen 12345;
  proxy_pass server:22222;
 }

}

When installing the client part, it is recommended to specify the external proxy IP in the connection line, separated by comma after the internal IP. In this case, the client will automatically reconnect to the external address if there is no connection with the internal corporate server.

v9.80 (build: Jul 4 2023)
Introduction +Software suite structure +Software suite installation +Software suite uninstall +Software suite update +Global settings -Other Remote employees Server behind the DMZ Remote monitoring via internet https-access configuration Server transfer Client service Key activation LDAP for PostgreSQL SSL-encryption for SQL +FAQ +Technical support	Server behind the DMZ It is not always safe for remote employees to open server ports on the Internet due to network attacks. As a solution to the problem, you can use reverse-proxy in the "Demilitarized Zone" (DMZ). The proxy will redirect TCP traffic from remote clients to the server in the intranet. Thus, with massive network attacks, the complex server will be less vulnerable. As a proxy-server you can use nginx in reverse-proxy mode (ngx_stream_proxy_module). Below is an example of settings for nginx when proxying from external port 12345 to internal complex server:22222 stream { server { listen 12345; proxy_pass server:22222; } } When installing the client part, it is recommended to specify the external proxy IP in the connection line, separated by comma after the internal IP. In this case, the client will automatically reconnect to the external address if there is no connection with the internal corporate server.
© Mirobase