I have installed nginx on an Arch Linux VPS with Vultr. I intend to use it to serve files to myself and two colleagues. I have setup three accounts for us all with login names and passwords via the .htaccess and .htpasswd files. I will also be adding a certificate with let’s encrypt before the server will be used.
The data we will be sharing is commercially sensitive. Is there anything else I need to worry about? Is there anything else I can do to harden the server?
A simple webserver secured by htaccess is not inherit insecure, but there are a lot of steps you can take to improve security further: Like proper authentication via OICD or something similar. Only access to the server via VPN, files encrypted, and so on.