Open dargmuesli opened 1 year ago
cc @myyxl could you help me answer the question this ticket is about? :heart:
Check out https://github.com/Paul-Reed/cloudflare-ufw/tree/master
Ideally every port should be blocked except 443 (and 80?). And only Cloudflare should be able to access these ports.
For SSH, we could use tailscale: https://tailscale.com/kb/1077/secure-server-ubuntu-18-04/ This would also enable us to connect more servers and devices into the VPN.
Thank you for the great references! Would you be up to be assigned on this ticket? It's low priority, but it's your topic I think :wink:
Sure!
Currently, it is possible to get a response from the server when entering the server's IP into a browser's address bar. The reverse proxy does show a `404` though, as the IP address does not match any route. Routes are only configured for domains like `maev.si`.

Evaluate if it's possible and desirable to only accept incoming requests that are covered by Cloudflare by setting rules in a firewall.
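A sketch of the firewall approach discussed in this ticket, as an added example that is not code from the thread's participants or from the linked cloudflare-ufw repository: it validates a list of CIDR ranges and prints, without running them, the `ufw` commands that would admit only those ranges on ports 80 and 443. The function names `is_cidr` and `emit_rules` are hypothetical, and the sample list is constructed from documentation ranges; in production the list would come from Cloudflare's published ranges at https://www.cloudflare.com/ips-v4 and https://www.cloudflare.com/ips-v6.

```shell
#!/bin/sh
# Added example (dry run): print ufw rules that admit only listed CIDR ranges.
# CONSTRUCTED sample list using documentation ranges, not Cloudflare's real ones.
SAMPLE_RANGES='# one CIDR per line
192.0.2.0/24
198.51.100.0/24
2001:db8::/32
not-a-cidr
203.0.113.7/33'

# Succeeds only for well-formed IPv4 CIDRs or loosely checked IPv6 CIDRs.
# The list is fetched over the network and ends up in root-run commands,
# so anything that is not strictly address/prefix is rejected.
is_cidr() (
  case $1 in */*) ;; *) exit 1 ;; esac
  net=${1%/*}; len=${1##*/}
  case $len in ''|*[!0-9]*|????*) exit 1 ;; esac
  case $net in
    *[!0-9.]*)                       # not dotted decimal: hex-and-colon IPv6 only
      case $net in *[!0-9A-Fa-f:]*) exit 1 ;; *:*) ;; *) exit 1 ;; esac
      [ "$len" -le 128 ] ;;
    *.*.*.*.*|.*|*.|*..*) exit 1 ;;  # too many or empty octets
    *.*.*.*)
      IFS=.; set -- $net
      for o in "$@"; do [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || exit 1; done
      [ "$len" -le 32 ] ;;
    *) exit 1 ;;
  esac
)

# $1 = space-separated ports; CIDR list on stdin; commands on stdout.
# SSH needs its own allow rule (e.g. over the VPN) before this policy is enabled.
emit_rules() {
  ports=$1
  echo "ufw default deny incoming"
  while IFS= read -r line; do
    line=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')   # drop comments, blanks
    [ -n "$line" ] || continue
    if is_cidr "$line"; then
      for p in $ports; do
        echo "ufw allow proto tcp from $line to any port $p"
      done
    else
      echo "skipped invalid entry: $line" >&2
    fi
  done
}

printf '%s\n' "$SAMPLE_RANGES" | emit_rules "80 443"
```

Because the published ranges change over time, the generated rules would need to be refreshed periodically and stale rules removed.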