As soon as you expose anything to the internet, you have to accept and assess the risk. I've been running ownCloud in a FreeNAS jail for a good few years now, and over time have gradually increased the security as I understood more about things. For a short time at the beginning I was simply forwarding a port on my router to the jail. I then added a self-created SSL certificate and, when that started being rejected by some browsers, moved to using a cheap one from Comodo. I also added in Fail2ban protection, blocking IP addresses for 10 minutes after 3 failed attempts. I also added 2FA when that became an option in ownCloud. When I decided to expose a few other services, I set up an NGINX reverse proxy in a jail and started to use Let's Encrypt/certbot to generate each of the SSL certificates. Over time I've hardened the NGINX config so everything can only be connected via SSL and achieves an A+ score on SSL Labs. I'm sure if someone really wanted to break in, they probably could, but hopefully I've done enough to make it difficult enough that they might find an easier target.