I’m running multiple web applications for my company on our local servers, which also have to be accessible from outside. I’ve been progressively migrating most of them to Docker, but I still need to have some services running directly on separate physical servers.
Before that, we used an Apache reverse proxy on Ubuntu Server to route all the traffic to the correct server, but after migrating to Docker I switched to Traefik, which also easily handles Let’s Encrypt certificates. I used these to encrypt all of our connections, as previously everything ran over plain HTTP.
In the coming weeks I will be going through a major upgrade to a new pfSense firewall, and I was wondering whether it would be better to reverse proxy directly from pfSense rather than through Traefik on the first Docker server. That way I would be able to reduce the path from the firewall to the services by one hop, as right now all the traffic goes through pfSense, then Traefik (on the Docker server), and then to the other servers.
So my question, as in the title, is: what would be the best practice in this situation?