I have installed nginx on an Arch Linux VPS with Vultr. I intend to use it to serve files to myself and two colleagues. I have setup three accounts for us all with login names and passwords via the .htaccess and .htpasswd files. I will also be adding a certificate with let’s encrypt before the server will be used.

The data we will be sharing is commercially sensitive. Is there anything else I need to worry about? Is there anything else I can do to harden the server?

  • Dodecahedron December@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    There is lots more that should be considered when hardening the server. You may want to consult a sysadmin if you are doing this commercially. A password is very weak authentication.

  • ElevenNotesB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    A simple webserver secured by htaccess is not inherit insecure, but there are a lot of steps you can take to improve security further: Like proper authentication via OICD or something similar. Only access to the server via VPN, files encrypted, and so on.

  • sino@feddit.de
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Just some simple advice, use a vpn if possible to only allow access to resources from it. As soon you’re launching nginx online it will be hammered with brute force and exploit attacks.