I put up a vps with nginx and the logs show dodgy requests within minutes, how do you guys deal with these?

Edit: Thanks for the tips everyone!

  • karlthemailman@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    How do you have this set up? Is it possible to have a single verification process in front of several exposed services? Like as part of a reverse proxy?

    • InEnduringGrowStrong@lemm.ee
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Yes it’s running in my reverse proxy.
      Nginx is doing my “client ssl verify” in front of my web services.
      You can even do this on a per uri/location.
      For example, my nextcloud is open without client certs so I can share files with people, but the admin settings path is protected by client ssl.

    • dinosaurdynasty@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Yup, there are many ways of doing that. Most reverse proxies should support basic auth (easy, but browser UX is terrible and it breaks websockets) or TLS client auth (even worse browser UX, phones are awful).

      The best thing is do something like Caddy + Authelia (which is what I currently do with most things, with exceptions for specific user agents and IPs for apps that require it, aka non-browser stuff like Jellyfin),