gre tunnel vs reverse proxy?
Hi, i'm currently using a reverse proxy for most of my web sites, but i want to know advantages and disadvantages between a gre tunnel and a reverse proxy.
I'm considering switch because i need add third party access, so this put me in the need of constantly configure nginx to add vhosts/setup ssl and with a gre tunnel i think i can avoid this step and just pass the traffic to my real servers (80/443) or not?
But don't know if i will be able to restore true client ip's and another of my concerns is about performance, currently with nginx i can handle large quantity of http connections with a really minimum load on a small vm (buyvm 1g).
Comments
I assume that that proxy and websites are on different machines.
My understanding of GRE is that the tunnel per se is not encrypted, so you would still need a reverse proxy with SSL. You can restore a client's true IP with a GRE tunnel..through the reverse proxy :-)
yes
I still need to setup the reverse proxy with all domain names and add ssl certs for all of them?
Wouldn’t you need a reverse proxy somewhere anyway? Or are you having each website listen to a different IP on port 80?
Regardless on whether I’m right that GRE tunnels are encrypted or not, could you please describe your current setup including machines and how content is served?
All my sites are wordpress and i use buyvm to filter attacks.
my setup:
BuyVM VPS with Anti DDoS IP (Nginx Reverse Proxy +10 domains with SSL manually configured) > Hetzner Dedicated Server (+10 WordPress Sites running with OpenLiteSpeed)
setup which i imagine:
buyvm Anti DDoS IP with gre tunnel > Hetzner Dedicated Server on all ports or 80/443 only.
I need to avoid add new server blocks/ssl setup on nginx (buyvm) every time and just do it on origin server (hetzner) since i will give third party access and they will add, remove domains constantly.
Completely out of my depth here, but what about using a SSH tunnel on ports 80 and 443 from BuyVM VPS to Hetzner dedi instead of using a GRE tunnel?
Didn't know about it >.<
I managed finally to run properly gre tunnel and works as i needed (i still have few problems to keep changes on firewall), but i will try ssh tunnel as well, looks more easier.
Thanks.
@donko you could always ticket @Francisco and see if he’ll do a static route for you to hetzner for the anti-ddos IP
Don't even need to ticket.
You can use proxyarp.
Francisco
Must be the best words to ever say out by a hosting provider after “thanks for your payment”.
The more I can automate, the less I have to pay towards my workers bar tabs/liver translplants.
Francisco