Setting up DMZ - assistance

Dear Community,

My present setup works good, but I believe, not secured:

image463×613 28.5 KB

Needed ports are opened in the firewall rules, eg:

• 80 and 443 going to Nginx Proxy Manager VM
• 9091 to Transmission
  etc…

Problem of this setup, is that it prevents me to have 80 and 443 going to another VM (for let’s encrypt purpose for exemple)

Do you think the below setup could solve my issues:

image762×512 32 KB

my questions are:

• using DMZ, do I need to forward 80 and 443 to a single machine? or is it for the whole ORANGE?
• Do I need Nginx Proxy Manager on my GREEN?
• Is this setup more secured? Keeping in mind that all VM are Fail2ban protected, and not listening to port 22

Any comment / help are welcome.
thanks

See bottom of this wiki page:

Does this help answer your question?

You would need a firewall rule to go from Internet to Orange. Probably similar to what you have now. See:

The other questions need to be answered by someone more knowledgable!