10 Mar
2023
10 Mar
'23
4:53 a.m.
I’m new here, but I build this kind of tech infrastructure in my job. I agree with Yardena
that it makes sense not to put a web server function directly on an internet front line of
defense; if possible you want it somewhere else to avoid opening holes for attackers. You
can simply forward (proxy) the needed ports as suggested. If you’re wanting to retire the
older server or just avoid complexity of maintaining them both that’s also reasonable, but
it isn’t as safe in case Omni or Sudo Room become targets.
As an alternative related to the earlier discussion about logging changes, it might make
sense to use some infrastructure tools like cfengine to track changes as code and
simultaneously make it possible to trivially rebuild a system if it fails, but maybe not
yet as it isn’t familiar to everybody who might be helping.
Sven