Hey, I’ve got a bunch of services all running in their own containers/VMs on Proxmox. All of these have their own IPs that are accessible from my network.
I also have a container with a reverse proxy, which acts as a gateway for access to these services (its IP is the only one allowed to go through the firewall of each service).
These services have HTTP servers, no encryption. Could someone on my network listen to comms between a service and my reverse proxy?
Would have to play around with VLANs if that’s the case…
Thanks
Encryption would be a good idea between the service and the reverse proxy. I’d also look into Proxmox firewall, which is pretty robust. Here’s the link to the documentation: https://pve.proxmox.com/pve-docs/pve-admin-guide.html#chapter_pve_firewall. Definitely worth perusing.
I’ve got firewall set up, services are only accessible through the reverse proxy, was more concerned about something like logging into Keycloak and having the password leaked with MitM or another attack of the sort.
Unless someone has physical access to the ports/switch that the traffic flows through, they would not be able to see anything besides broadcast/multicast traffic if they were just snooping with Wireshark. The internal switch of Proxmox and any hardware switch you have will forward unicast traffic to the ports those MACs reside on, so without port mirrors set up, no one but you should be able to see that traffic.
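The forwarding behaviour described in the comment above, as an added example that is not part of the thread: a minimal model of a MAC-learning bridge showing which frames a passive listener on a third port receives. The port names and MAC addresses are hypothetical, and the model is a generic learning bridge, not Proxmox's own code.

```python
# Added illustration: generic MAC-learning bridge (constructed model).
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningBridge:
    def __init__(self, ports):
        self.ports = set(ports)
        self.mac_table = {}  # source MAC -> port it was last seen on

    def forward(self, in_port, src, dst):
        """Return the set of ports a frame is sent out of."""
        self.mac_table[src] = in_port        # learn where the sender lives
        if dst != BROADCAST and dst in self.mac_table:
            out = {self.mac_table[dst]}      # known unicast: one port only
        else:
            out = set(self.ports)            # broadcast or not-yet-learned MAC: flood
        return out - {in_port}               # never send back out the ingress port


def observed_by(port, frames, bridge):
    """Labels of the frames a passive listener on `port` receives."""
    return [label for label, in_port, src, dst in frames
            if port in bridge.forward(in_port, src, dst)]


# Constructed sample traffic: hypothetical port names and MAC addresses.
PROXY, SERVICE = "02:00:00:00:00:01", "02:00:00:00:00:02"
FRAMES = [
    ("arp-request", "tap-proxy", PROXY, BROADCAST),
    ("arp-reply", "tap-service", SERVICE, PROXY),
    ("http-request", "tap-proxy", PROXY, SERVICE),
    ("http-response", "tap-service", SERVICE, PROXY),
]


def demo():
    """What a listener on the bridge's uplink port sees of the exchange."""
    bridge = LearningBridge(["tap-proxy", "tap-service", "uplink"])
    return observed_by("uplink", FRAMES, bridge)


if __name__ == "__main__":
    print(demo())
```

Only the broadcast ARP request reaches the uplink port; the HTTP request and response stay on the two ports where the proxy and the service were learned.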
Good to hear, thanks!
I am interested in this topic as well
deleted by creator
I have just one Proxmox host, which runs everything.
I wasn’t sure if there was any traffic leaked out of the bridge (as it would be to everyone with Wi-Fi), though the more I think about it, the less sense it’d make for that to be the case.
I self-host for a myriad of reasons, including a dev server, so ideally I need uptime. Might look into some more advanced stuff when I’ve got time though.
Appreciate the response btw!
deleted by creator