fedwiki / wiki-server

Federated Wiki client and server in Node.js

Farm Security #97

Closed (opn closed this 8 years ago)

opn commented 9 years ago

I've set up a server farm on Digital Ocean using the script here - https://gist.github.com/nrn/f818fa7decfd910362b7

Just checked, and I've a few weird domains popping up in ~/.wiki/, stuff like ya.ru. So I'm asking about how people go about security here. I've not added these domains to the DNS. Any thoughts / advice?

[screenshot, 2015-02-18 23:25:18, omitted]

WardCunningham commented 9 years ago

My approach is to ignore them. If I want to count sites I run a find command to kill empty sites first.

@nrn runs a tighter ship with a reverse proxy in front of wiki. I could find a description in email if he doesn't post something here first.

nrn commented 9 years ago

Yeah, my normal setup has more than one service on a box anyway, all wanting to share port 80. So I will run a reverse proxy on port 80 (usually something custom in node, but nginx or apache would work well when configured right). Traffic then comes in to the same IP on a multitude of different hosts on port 80; that traffic is then directed to different ports on the same box, and all the names that I want to be wikis get directed to the farm on that port. Names that I don't expect don't get directed to the farm.

paul90 commented 9 years ago

I’m using nginx, just configure it to only accept the domains you’re expecting, using wildcards if necessary - and have a default to catch all the rest that uses return 444 so the connection is silently dropped.

This does of course, sadly, add an extra step to creating a new wiki in the farm.

There is also a three part tutorial, New Ubuntu 14.04 Server Checklist https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-14-04 which covers the basic server security.

opn commented 9 years ago

Thanks, guys. I'll go with @WardCunningham's unsecurity strategy for now :) Until I get the overall setup sorted with RESTful access etc. I've started a quick federated note over here - david.viral.academy/view/wiki-farm-security# - and quoted you guys.