I have installed nginx on an Arch Linux VPS with Vultr. I intend to use it to serve files to myself and two colleagues. I have set up three accounts for us all with login names and passwords via the .htaccess and .htpasswd files. I will also be adding a certificate with Let’s Encrypt before the server will be used.

The data we will be sharing is commercially sensitive. Is there anything else I need to worry about? Is there anything else I can do to harden the server?

  • Dodecahedron December@sh.itjust.works
    11 months ago

    There is lots more that should be considered when hardening the server. You may want to consult a sysadmin if you are doing this commercially. A password is very weak authentication.

  • ElevenNotesB
    11 months ago

    A simple webserver secured by htaccess is not inherently insecure, but there are a lot of steps you can take to improve security further: proper authentication via OIDC or something similar, access to the server only via VPN, encrypted files, and so on.

  • sino@feddit.de
    11 months ago

    Just some simple advice: use a VPN if possible to only allow access to resources from it. As soon as you’re launching nginx online it will be hammered with brute force and exploit attacks.
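
The measures raised in this thread (VPN-only access on top of the password login, TLS with a Let's Encrypt certificate, and throttling of brute-force attempts) can be combined in one nginx server definition. This is an added example, not a configuration posted by anyone in the thread; the hostname `files.example.com`, the document root, the `.htpasswd` path and the VPN subnet `10.8.0.0/24` are assumptions to be replaced with real values.

```nginx
# Added example; hostname, paths and the VPN subnet are assumptions.
# Place inside the http {} context (e.g. a file included from nginx.conf).

# Throttle requests per client address to blunt password guessing.
limit_req_zone $binary_remote_addr zone=auth_limit:10m rate=5r/s;

server {
    listen 80;
    server_name files.example.com;          # placeholder hostname
    return 301 https://$host$request_uri;   # no plaintext access
}

server {
    listen 443 ssl;
    server_name files.example.com;

    # Certificate paths as laid out by certbot for Let's Encrypt.
    ssl_certificate     /etc/letsencrypt/live/files.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/files.example.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;

    server_tokens off;                      # do not advertise the version
    add_header Strict-Transport-Security "max-age=31536000" always;

    root /srv/files;                        # assumed document root
    autoindex off;                          # no directory listings

    location / {
        # Require BOTH a VPN source address and a valid login.
        satisfy all;
        allow 10.8.0.0/24;                  # assumed VPN subnet
        deny  all;

        # nginx does not read .htaccess; basic auth is configured here.
        auth_basic           "Restricted";
        auth_basic_user_file /etc/nginx/.htpasswd;   # assumed path

        limit_req zone=auth_limit burst=10 nodelay;
        limit_req_status 429;
    }
}
```

Validate the file with `nginx -t` before reloading the service.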