nginx reverse proxy security
How secure is nginx rproxy?
I need a reverse proxy to access my 'internal' proxmox vms.
I configured nginx with
# Allow only connections from the specified IP
allow x.x.x.x; #my home ip
deny all;
This works (checked proxy using my mobile and got a 403 Forbidden).
I am also running the proxy on a random port.
So is that 'reasonably' secure or do you have any other suggestions?
Thanks
If you develop Open Source Software we can give you a free VM

Comments
I suggest you do not rely upon IP-address-based ACLs for authentication. Use passwords instead.
Check our KVM VPS plans in 🇵🇱 Warsaw, Poland and 🇸🇪 Stockholm, Sweden
Good point - although all of the 'internal' vms are already password protected but I agree more layers are good hence my question.
Thanks
edit - added to config
auth_basic "Restricted Site";
auth_basic_user_file /path/to/.htpasswd;
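How the allow/deny rules and the basic-auth lines from the posts above fit together in one server block, as an added example that is not part of any post in this thread. The listen address and port, server name, certificate paths and upstream address are placeholder assumptions.

```nginx
# Added example; every address, name and path below is a placeholder
# unless it is marked as coming from the posts.
server {
    # Bind to the overlay (ZeroTier) address only, not to every interface.
    listen 10.0.0.1:8443 ssl;             # placeholder address and port
    server_name proxy.example.internal;   # placeholder name

    # Basic auth sends the password base64-encoded, not encrypted,
    # so it should only ever travel inside TLS.
    ssl_certificate     /path/to/fullchain.pem;   # placeholder
    ssl_certificate_key /path/to/privkey.pem;     # placeholder
    ssl_protocols       TLSv1.2 TLSv1.3;

    server_tokens off;   # do not advertise the nginx version

    # Require BOTH a matching source IP and a valid password.
    # "satisfy all" is the default; stating it guards against a later
    # "satisfy any" turning the two checks into alternatives.
    satisfy all;

    allow x.x.x.x;   # home IP, as in the post
    deny  all;

    auth_basic           "Restricted Site";       # as in the post
    auth_basic_user_file /path/to/.htpasswd;      # as in the post

    location / {
        proxy_pass http://192.168.1.1;   # placeholder: OpenWrt LAN address
        proxy_set_header Host            $host;
        proxy_set_header X-Real-IP       $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

`nginx -t` validates the file before a reload.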
If answering your broad question, I would evaluate it as a battle-tested solution (applicable only for stable releases). See https://nginx.org/en/security_advisories.html
Since this is only for you, why not Tailscale?
I run a small VM on PVE with TS just for this purpose.
Understood - I already run Zerotier and have my own zt controller which works fine.
I also use openwrt with ZT as my router for 10 nodes providing access to multiple proxmox networks and vms.
My key problem is that because of proxmox & openwrt firewalls, I can't access the openwrt web interface as this is only available on the lan side. Using a reverse proxy (over ZT) solves this problem but as discussed I am concerned about the security over nginx and want it locked down as much as possible.
I have messed around with Proxmox SDN but find it too restrictive in comparison to the SDNs you can create with openwrt.