How-To-Secure-A-Linux-Server
Nginx Proxy Manager
Our great sponsors
How-To-Secure-A-Linux-Server | Nginx Proxy Manager | |
---|---|---|
48 | 651 | |
16,594 | 19,167 | |
- | 8.6% | |
4.6 | 8.8 | |
about 1 month ago | about 16 hours ago | |
JavaScript | ||
Creative Commons Attribution Share Alike 4.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
How-To-Secure-A-Linux-Server
-
Automating the security hardening of a Linux server
I have been using the How To Secure A Linux Server guide for quite a while and wanted to learn Ansible, so I created two playbooks to automate most of the guides content. The playbooks are still a work in progress.
-
Connecting to docker containers rarely work, including via Caddy (non docker) reverse proxy
If it works, I will then follow the hardening guide I did before (https://github.com/imthenachoman/How-To-Secure-A-Linux-Server) and test after every step
-
Resources to learn backend security from scratch
Maybe these two repos can help you, I've used them both from time to time to look up stuff I have no idea about as a frontend main: https://github.com/imthenachoman/How-To-Secure-A-Linux-Server https://github.com/decalage2/awesome-security-hardening
-
Ask HN: How can a total beginner start with self-hosting
> In short it’s all about control, privacy, and security, in that order.
I am going to strongly urge you to consider changing that order and move *security* to the first priority. I have long run my own servers, it is much easier to setup a server with strong security foundation, than to clean up afterwards.
As a beginner, you should stick to a well known and documented Linux server distribution such as Ubuntu Server LTS or Fedora. Only install the programs you need. Do not install a windowing system on it. Do everything for the server from the command line.
Here are a few blog posts I have bookmarked over the years that I think are geared to beginners:
"My First 5 Minutes On A Server; Or, Essential Security for Linux Servers": An quick walk through of how to do basic server security manually [1]. There was a good Hacker News discussion about this article, most of the response suggests using tools to automate these types of security tasks [2], however the short tutorial will teach you a great deal, and automation mostly only makes sense when you are deploying a number of similar servers. I definitely take a more manual hands-on approach to managing my personal servers compared to the ones I professionally deploy.
"How To Secure A Linux Server": An evolving how-to guide for securing a Linux server that, hopefully, also teaches you a little about security and why it matters. [3]
Both Linode[4] and Digital Ocean[5] have created good sets of Tutorials and documentation that are generally trustworthy and kept up-to-date
Good luck and have fun
[1]: https://sollove.com/2013/03/03/my-first-5-minutes-on-a-serve...
[2]: https://news.ycombinator.com/item?id=5316093
[3]: https://github.com/imthenachoman/How-To-Secure-A-Linux-Serve...
-
Selfhosting Security for Cloud Providers like Hetzner
I suggest these resources: - Some fundamentals: https://www.cyberciti.biz/tips/linux-security.html - One of the best imho ( exhaustive list ): https://github.com/imthenachoman/How-To-Secure-A-Linux-Server - Ansible playbook to harden security by Jeff Geerling: https://github.com/geerlingguy/ansible-role-security - OAWSP Check list ( targeted for web apps... and honestly a bit overkill ): https://github.com/0xRadi/OWASP-Web-Checklist
-
Ask HN: What Linux setup/hardening guide do you use?
I can't claim to have been through it but this is sitting on my bookmarks folder and looks very useful: https://github.com/imthenachoman/How-To-Secure-A-Linux-Serve...
My only tip I haven't seen mentioned here is be very careful using docker with ufw, as by default docker will effectively override ufw port restrictions if it is told to expose a port.
- How I secure my VPS
-
Want to use Linux as main OS but help on hardening it.
As mentioned, there is some great software here https://www.privacytools.io/ and nearly everything you need to know to get started here https://wiki.archlinux.org/title/Security (useful even if you don't use Arch/Arch based distros, some of the stuff may be overkill and you need to figure out where to draw the line yourself in terms of tradeoffs). This guide, although it is geared towards servers also has some useful tips that apply to any linux system and is a little easier to follow https://github.com/imthenachoman/How-To-Secure-A-Linux-Server
- Recommendations for advanced material (reading material, courses, etc) on server security?
- Hardening linux for total newbie?
Nginx Proxy Manager
-
Ask HN: What Underrated Open Source Project Deserves More Recognition?
I discovered these 3 amazing projects recently:
Cryptpad, essentially google docs/sheets/forms e2e encrypted. It does include collaboration. https://github.com/cryptpad/cryptpad
Immich, google photos self hostable, with share options https://github.com/immich-app/immich
Nginxproxymanager manages certificates and proxies to self hosted stuff through nginx https://github.com/NginxProxyManager/nginx-proxy-manager
Great self hosting stuff!
-
DevOps Simplified: Easy-to-Use Container Projects Deployment
Nginx Proxy Manager
-
:latest or :version for supporting services?
Prime example: Nginx Proxy Manager is often recommended in the sub. The latest minor release came with breaking changes (so already ignoring semver). I bet you many people were running on latest and then had broken stuff: https://github.com/NginxProxyManager/nginx-proxy-manager/releases/tag/v2.10.0
-
Has anyone been able to set up dockerized CrowdSec in front of dockerized NPM using official images only?
Here is the (NPM) GitHub issue where the "fork of a fork" image came into existence (lepresidente/nginx-proxy-manager). It has some interesting discussions about the challenges of having NPM and CrowdSec coexist and cooperate.
-
MyQ's horrible take on open access to their devices
Agree with this, myQ is such a dumpster fire. It needs to have an the ability to be managed over the local network instead of requiring the garage door and app connect to their server.
My very first experience with myQ was figuring out that their IP blocklist provider, brightcloud, blocks anything with the word "proxy" - including the default "it works" page for Nginx Proxy Manager [1]. And they have no way of overriding this to actually provide service if someone turns out to be a legitimate customer.
[1]: https://github.com/NginxProxyManager/nginx-proxy-manager/dis...
-
My Home Lab setup
Load Balancer: NPM Static IP VPN: PureVPN Proxy Server: CCProxy
-
Domains and Email hosting
As far as website hosting, just set up a few Docker containers: one for a web-server of your choice, and one for a reverse proxy. I recommend Nginx Proxy Manager. It handles SSL certificates for you in a super simple way (both the initial acquisition process as well as auto renewal) and makes it easy to expand to using multiple web servers in the future, or setting up redirects without filling up your DNS records.
-
Risk of self-hosting smaller projects
Feel like Christian Lempa is being a bit too lenient with the developer of Nginx Proxy Manager. jc21's handling of reported vulnerability was poor. 10 months to fix and then simply including it in the list of changes for v2.9.20 without publishing a security advisory. Not great. And to make matters worse, the project still doesn't have a security policy.
- Trouble setting up reverse proxy with Nginx.
-
Raspberry Pi 3b+ enough for proxy server
Docker runs on the 3B+ so you could use this [Github] or the one I have deployed here [NGINX Proxy Manager site] amongst others.
What are some alternatives?
traefik - The Cloud Native Application Proxy
docker-swag - Nginx webserver and reverse proxy with php support and a built-in Certbot (Let's Encrypt) client. It also contains fail2ban for intrusion prevention.
socks5-proxy-server - SOCKS5 proxy server
acme-dns - Limited DNS server with RESTful HTTP API to handle ACME DNS challenges easily and securely.
BunkerWeb - 🛡️ Make your web services secure by default !
docker-pi-hole - Pi-hole in a docker container
homer - A very simple static homepage for your server.
caddy-docker - Source for the official Caddy v2 Docker Image
frp - A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
proxmox-scripts
authelia - The Single Sign-On Multi-Factor portal for web apps
uptime-kuma - A fancy self-hosted monitoring tool