Soraster

joined 11 months ago
[–] Soraster@alien.top 1 points 11 months ago

Yeah I thought about this problem. I don't want to lock down all ports for nginx, but instead only certain websites through nginx rules.
The webhook receiver would remain open to the public, but would require a long passphrase that would result in ban through fail2ban, if entered incorrectly.

I know this isn't ideal, but that's what I had in mind, when thinking about the problem.

 

Reason for my question is the following:
I want to host some services on my public server and while they all have normal password protection, I want to ensure the security a tiny bit more. Therefore I want to limit the access to the specific services through ufw and nginx to specific IP addresses. For my homeaddress I can use DYNDNS to get my current IP. However that will not work for my phone, when I'm on the go.
I don't want to constantly use vpn, as it slows down the speed of the internet connection significantly. Instead I would much prefer to just simply keep my server updated on my phones IP, so I can update the necessary config files through a script and thus allow my phone to access the services, where ever I am.