I need some advice. A while back, I came across the topic of reverse proxies and decided to steer clear. Fast forward to now, and here I am, needing a website more than ever.
I’ve set up my domain, CNAME records, wildcard records, reverse proxy hosts, and wildcard SSL certificates. Everything seems to be functioning, though I’ve noticed about 200 visits to my Nginx Proxy Manager, all showing blank pages, which is a bit concerning—likely just bots, I assume.
I’m torn between diving in to learn everything properly or just pushing forward, figuring things out as I go. At the moment, I’m doing a bit of both—deploying, learning, and getting help from ChatGPT, who’s been incredibly useful but sometimes prone to errors.
One concern I have is getting stuck in thought loops—acting on ideas that might be wrong or misinformed, possibly wasting time on strategies that experienced web hosts wouldn’t bother with.
I’ve been experimenting with various configurations:
- Wildcard subdomains in Cloudflare: To catch requests that don’t reach the root record, allowing me to serve custom 404 pages.
- Full strict SSL/TLS in Cloudflare:
- Placeholder proxy hosts in NPM pointing to loopback port 9.
- Wildcard proxy hosts with and without valid SSL certs.
- No proxy hosts, which serves NPM’s welcome page.
These setups can trigger different error codes like:
- 502 Bad Gateway
- 525 Handshake Fail
- 526 Invalid SSL
I’m currently exploring whether using these configurations could offer any security benefits:
- 502 Bad Gateway: Reveals that a backend service exists but is unreachable, potentially exposing vulnerabilities.
- 526 Invalid SSL: Only signals an SSL validation failure, revealing minimal details.
- 525 Handshake Fail: Implies SSL is present but not functioning correctly, possibly confusing attackers.
Is there any real advantage to spending time on this, or should I drop the idea and stick to setting up only the necessary DNS records and proxy hosts, letting everything else fail at the browser level with DNS resolution issues?
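
One way to compare what the configurations listed in the post show to an outside client, added here as an example and not part of the original post: it groups hostnames by the status code they return and flags any non-public hostname whose code differs from what a made-up subdomain gets through the wildcard record. The hostnames, the codes assigned to them and the `kind` labels are constructed assumptions.

```python
from collections import defaultdict

# Status codes named in the post, with their usual labels.
LABELS = {502: "Bad Gateway", 525: "SSL handshake failed", 526: "Invalid SSL certificate"}

# Constructed observations (not measurements from the post). "kind" is a
# hypothetical label: "public" = meant to serve content, "internal" = has a
# proxy host but is not meant to be found, "probe" = a made-up name with no
# proxy host, answered only through the wildcard record.
SAMPLE = [
    ("www.example.com", 200, "public"),
    ("nas.example.com", 502, "internal"),
    ("cam.example.com", 525, "internal"),
    ("zz-probe-1.example.com", 525, "probe"),
    ("zz-probe-2.example.com", 525, "probe"),
]

def group_by_status(observations):
    """Map each status code to the hostnames that returned it."""
    groups = defaultdict(list)
    for host, status, _kind in observations:
        groups[status].append(host)
    return dict(groups)

def hosts_that_stand_out(observations):
    """Internal hosts whose code differs from every probe (wildcard) response."""
    baseline = {status for _h, status, kind in observations if kind == "probe"}
    if not baseline:
        raise ValueError("need at least one probe hostname to form a baseline")
    return sorted((h, s) for h, s, kind in observations
                  if kind == "internal" and s not in baseline)

def report(observations):
    """One line per internal host that is distinguishable from the baseline."""
    return [
        f"{host}: {status} {LABELS.get(status, '')}".rstrip()
        + " differs from the wildcard baseline"
        for host, status in hosts_that_stand_out(observations)
    ]

if __name__ == "__main__":
    print(group_by_status(SAMPLE))
    print("\n".join(report(SAMPLE)) or "no internal host stands out")
```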