Consolidate backend services to conserve ports

I recently realized one thing:

I’m running low on available ports.
This is because, out of fear that my ISP will randomly block suspicious activity or try to sniff around, I have the same service running on a range of ports, and I use them randomly to avoid possible man-in-the-middle hackers.
This, however, results in my running low on available ports.

Nginx is now supporting the WebSocket draft

and its ability to act as a reverse proxy comes in really handy here, since all my services use either https or wss connections.
By using the location directive I can proxy connections to different local services based on the URL params. Besides, as I have mentioned, there will be only one SSL certificate to update after doing so.

But there are other problems

The advanced firewall running on my device now needs to be reconfigured; it should now be looking at the X-Real-IP and X-Forwarded-For headers. Besides, I’m not sure those deep packet inspection rules will be valid after the proxy.
Analyzing the packets before they hit Nginx can be an option, but I’ll need to categorize them based on params now as well.
On the performance side, a proxy can never be 0 cost, especially when you want to do other tricks, for example gzip and cache.
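
A sketch of the setup described above (one TLS listener, location-based routing to local https and wss backends, and the X-Real-IP / X-Forwarded-For headers the firewall would read). This is an added example, not the author's configuration; the host name, certificate paths, URL prefixes and backend ports are all assumed placeholders.

```nginx
# Added example: every name, path and port below is a constructed placeholder.
# Place inside the http { } context.

# Send "Connection: upgrade" only when the client actually asked to upgrade.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 443 ssl;
    server_name example.org;

    # The single certificate shared by every proxied service.
    ssl_certificate     /etc/nginx/tls/fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/privkey.pem;

    # Plain HTTPS service, backend bound to loopback only.
    location /app/ {
        proxy_pass http://127.0.0.1:8081/;
        proxy_set_header Host            $host;
        # Overwrite with the TCP peer address; a client-supplied
        # X-Forwarded-For is discarded instead of being appended to.
        proxy_set_header X-Real-IP       $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
    }

    # WSS service: needs HTTP/1.1 and the hop-by-hop Upgrade headers.
    location /ws/ {
        proxy_pass http://127.0.0.1:8082/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade         $http_upgrade;
        proxy_set_header Connection      $connection_upgrade;
        # proxy_set_header is inherited from the server level only when a
        # location defines none of its own, so the client-address headers
        # are repeated here rather than set once above.
        proxy_set_header Host            $host;
        proxy_set_header X-Real-IP       $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_read_timeout 1h;           # keep idle sockets open
    }

    # Anything that matches no known service is refused.
    location / { return 404; }
}
```

The forwarded headers are only trustworthy if the backends accept connections from Nginx alone (here, by listening on 127.0.0.1); a backend reachable directly would let any client set them.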

Conclusion

Still, I believe it is a good move, as long as the params remain short and Nginx itself doesn’t cause any trouble.