A bit of help with a security concept
I would like to get some ideas on how to increase/maintain my security concept.
As of today:
I have an ESXi machine with pfSense running. On pfSense an OpenVPN server is running, so that I can access my LAN from my phone. For the VPN I use port 443 (TCP).
I would like to host a website and other services, reachable from the WWW without the VPN connection.
A possible solution:
I read a bit about reverse proxies, that they can decrease the attack surface. So I was thinking of creating a DMZ network. All incoming traffic on ports 80 and 443 will be redirected to the DMZ network. Within the DMZ network is a reverse proxy that will "route" the traffic to the correct entity. So in my case there should be the OpenVPN server and a webpage on ports 443 and 80.
First question: I assume the port from OpenVPN and the SSL port from the web server might clash, correct?
Second question: is there any easy setup within pfSense to configure a reverse proxy and to tell the OpenVPN package that it shall listen to the reverse proxy?