Celejar wrote: > Interesting. I thought my usecase was a pretty straightforward one - I > have various typical home user services that I have no intention of > making available on the public internet, so I don't bother with SSL, > but I do want to access them relatively securely across my local > network. port forwarding via ssh seemed like an easy and solid > solution, but perhaps it's not commonly done.
Fairly common. You can add stanzas like this: (nginx): location /someserver/ { proxy_pass http://127.0.0.1:4444/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Connection ""; allow 192.168.0.0/24; allow 127.0.0.1; deny all; } This changes it from a port number to a URL path, allows your local network and localhost to access it, and denies it to others, should they come across the path. Apache and other webservers can do similar things. -dsr-