bobjolliffe / dhis2-tools-ng

Next generation dhis2-tools

Protect unprotected websites with dhis2-tools-ng #19

Open kfeina opened 2 years ago

kfeina commented 2 years ago

Hello,

If I'm not wrong, some websites like /munin or /project-glowroot are visible to the public internet. This is not a big security issue but maybe someone could get valuable information about our systems.

To protect those web directories we could do it via htpasswd

For example:

```sh
mkdir /etc/apache2/htpasswd
htpasswd -c /etc/apache2/htpasswd/tomcat1-glowroot-htpasswd admin
```

or (if inside a script):

```sh
htpasswd -b -c /etc/apache2/htpasswd/tomcat1-glowroot-htpasswd admin testpassword
```

And inside /etc/apache2/upstream, for each project to protect:

```apache
<Location /tomcat1-glowroot>
    # Require all granted   (keep this disabled: next to "Require user admin" it would sit in an implicit <RequireAny> and admit every client)
    Require user admin
    AuthType Basic
    AuthName "Protected site"
    AuthUserFile /etc/apache2/htpasswd/tomcat1-glowroot-htpasswd
    ProxyPass "http://192.168.0.14:4000/tomcat1-glowroot"
    ProxyPassReverse "http://192.168.0.14:4000/tomcat1-glowroot"
</Location>
```

For Munin we could do something like:

```sh
htpasswd -c /etc/apache2/htpasswd/munin-htpasswd admin
```

And inside /etc/apache2/upstream:

```apache
<Location /munin>
    # Require all granted   (keep this disabled, for the same reason as above)
    Require user admin
    AuthType Basic
    AuthName "Protected site"
    AuthUserFile /etc/apache2/htpasswd/munin-htpasswd
    ProxyPass "http://192.168.0.30/munin"
    ProxyPassReverse "http://192.168.0.30/munin"
</Location>
```

What do you think? Does it make sense?

Regards.
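As an added example (not from this issue or the dhis2-tools-ng project): a small Python lint for the weakness in the fragment above. Apache 2.4 places sibling `Require` directives that are not wrapped in `<RequireAll>`/`<RequireAny>` into an implicit `<RequireAny>`, so `Require all granted` beside `Require user admin` satisfies the check for every client and the Basic auth next to it never has to succeed; the sample config below is constructed to show that case, the corrected form, and a proxied path with no access control at all.

```python
import re

# Constructed sample in the shape of the fragment posted above: the first block
# repeats its mistake (Require all granted next to Require user admin), the
# second is the corrected form, the third proxies with no access control at all.
SAMPLE_CONF = """
<Location /tomcat1-glowroot>
    Require all granted
    Require user admin
    AuthType Basic
    AuthName "Protected site"
    AuthUserFile /etc/apache2/htpasswd/tomcat1-glowroot-htpasswd
    ProxyPass "http://192.168.0.14:4000/tomcat1-glowroot"
</Location>
<Location /munin>
    Require user admin
    AuthType Basic
    AuthName "Protected site"
    AuthUserFile /etc/apache2/htpasswd/munin-htpasswd
    ProxyPass "http://192.168.0.30/munin"
</Location>
<Location /unprotected-example>
    ProxyPass "http://192.168.0.30/munin"
</Location>
"""

LOCATION_RE = re.compile(r"<Location\s+(\S+)\s*>(.*?)</Location>", re.S | re.I)


def audit_locations(conf: str) -> dict:
    """Map each <Location> path to a finding when its access control is ineffective.

    Sibling Require directives outside an explicit <RequireAll>/<RequireAny>
    form an implicit <RequireAny>, so a bare 'Require all granted' admits
    every client regardless of the AuthType declared next to it.
    """
    findings = {}
    for path, body in LOCATION_RE.findall(conf):
        lines = [l.strip() for l in body.splitlines()]
        lines = [l for l in lines if l and not l.startswith("#")]  # drop comments/blanks
        requires = [l.lower() for l in lines if l.lower().startswith("require ")]
        wrapped = any(l.lower().startswith("<requireall") for l in lines)
        if not requires:
            findings[path] = "no Require directive: open to anyone who can reach the proxy"
        elif "require all granted" in requires and not wrapped:
            findings[path] = "'Require all granted' in an implicit <RequireAny> admits every client"
    return findings
```

Run `audit_locations(SAMPLE_CONF)` on the constructed config: it reports `/tomcat1-glowroot` and `/unprotected-example` and stays silent on the corrected `/munin` block.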

tkipkurgat commented 1 year ago

Hello Kfeina, we are currently transitioning to the use of dhis2-server-tools, which are Ansible-based. These tools address the issues you are discussing, providing secure deployments.