Reverse Proxy
Recommended exposure
Section titled “Recommended exposure”- Expose
license-server-detailvia HTTPS - Keep
license-monitorAPIs private whenever possible
Nginx example
Section titled “Nginx example”server { listen 443 ssl; server_name dashboard.example.edu; ssl_certificate /path/to/fullchain.pem; ssl_certificate_key /path/to/privkey.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5;
location / { proxy_pass http://127.0.0.1:3000; proxy_set_header Host $host; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; }}Hardening guidance
Section titled “Hardening guidance”- Restrict source IPs that can reach
:8080monitor endpoints - Use network ACLs/VPN for management traffic
- Add request logging and retention at proxy layer