Oh its still behind a reverse proxy, i just found a template and a few different ways to handle discourse. While still using the official installation method.
I will make a guide shortly. Just incase anyone else needs to use it or i might need to use it again LOL.
There is only a small issue since my install is not using the letsencrypt ssl. The email activation link that got sent out had http instead of https. There is a redirect for all http to https but i would like to force https from the backend so all links have https not http.
This way, if for some reason anyone that has access to my server room. Cannot just plug in an ethernet cable and see the traffic clearly. The connection would still have HTTPS and would make life a little harder for the intruder. I like to have my chain complete HTTPS. Not WAN HTTPS â Reverse Proxy HTTP â backend.
Otherwise that would simply be eggshell security.
Zero Trust, regardless if i know you for 10 years+.
Fair, if you have zero trust to that point where you move in private network, or you canât build secure network after reverse proxy keeping it a gatekeeper.
Havenât you noticed most leaks always come from the inside. This way i know my server security is air tight and the only vulnerability would be humans and my employees understand that 100%.
I have a few high profile cloud users and if there data comes out for some miraculous reason knowing that my server security is air tight. I can then check cameras and know exactly who would be the cause of the data leak.
I think AWS does it in a similar manner, from what iâve seen. Human vulnerability should always be a priority. No matter how secure your server is. One USB stick and its done for.
Because if you donât then itâll, for example, send out email links that link to http rather than https, or link to images with http rather than https. Itâs on by default if discourse can tell that itâs https; Iâm not quite sure why itâs not the default at this point, since Discourse mostly doesnât work if there are any http links.
Itâs not about the connection between the reverse proxy and Discourse but the links discourse makes to itself.