This post is part of a series. Part 1, Part 2. In the last part I briefly mentioned load balancers and proxies. After thinking about it for a while, I realized I see no reason not to run one, since it simplifies things a bit when setting up secure web services. In this part, we… Continue reading Securing an Internet accessible server – Part 3
Category: Security
WordPress behind HAProxy with TLS termination
My current project has been to set up a publicly accessible web server with a decent level of security. It has been an interesting exercise in applying “old” knowledge and gathering some new. This weekend I finished this project for now. The current setup is as follows: Behind my firewall, where I NAT port 80 and… Continue reading WordPress behind HAProxy with TLS termination
Securing an Internet accessible server – Part 2
In part 1 we made it significantly harder to gain access to our server once it is opened up to the Internet – but we’re not quite ready for that yet. In this post we’re exploring a firewall in Ubuntu, ufw, which stands for “uncomplicated firewall”, and we’ll set up some additional hardening using Fail2Ban to protect ourselves… Continue reading Securing an Internet accessible server – Part 2
Securing an Internet accessible server – Part 1
This article is part of a series. Part 2. Let’s look at a simple scenario, and see how common tools in the Linux and BSD world can help us: We want to be able to remote control a server from wherever in the world, but we really don’t want others to be able to log… Continue reading Securing an Internet accessible server – Part 1