nginx ssl hardening using self signed ssl certs - part2

harden nginx reverse proxy using self signed ssl certificates

00:00 Intro
00:59 File setup
01:16 Nginx docker-compose file
02:28 Nginx ssl enabled configuration file redirecting http to https
04:12 Generate self signed ssl certificate files for nginx
06:24 Test the end result
07:55 Outro
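The chapters above outline the procedure the video walks through: a compose file for nginx, an SSL-enabled nginx config that redirects HTTP to HTTPS, and self-signed certificate generation. The following shell script is an added example, not the video's own files: it generates a self-signed certificate with a Subject Alternative Name, writes a hardened nginx config with the HTTP-to-HTTPS redirect, and checks that the key matches the certificate. The hostname `proxy.internal.example`, the cert mount path `/etc/nginx/certs` and the upstream container `app` on port 8080 are assumptions.

```shell
#!/bin/sh
# Added example (not from the video): self-signed cert + hardened nginx TLS config
# for a reverse proxy in front of a container reached by service name.
set -eu

# Generate a self-signed certificate and private key with a SAN entry
# (browsers ignore a bare CN). $1 = hostname, $2 = output directory
gen_self_signed() {
  host="$1"; dir="$2"
  mkdir -p "$dir"
  openssl req -x509 -newkey rsa:2048 -sha256 -days 365 -nodes \
    -keyout "$dir/cert.key" -out "$dir/cert.crt" \
    -subj "/CN=$host" -addext "subjectAltName=DNS:$host" 2>/dev/null
  chmod 600 "$dir/cert.key"   # private key readable only by its owner
}

# Write the nginx server blocks: port 80 only redirects, port 443 terminates TLS
# and proxies to the upstream container by name (no container IPs).
# $1 = hostname, $2 = cert dir as mounted inside the container,
# $3 = upstream container name (assumed to listen on 8080), $4 = output file
write_nginx_conf() {
  host="$1"; certdir="$2"; upstream="$3"; out="$4"
  cat > "$out" <<EOF
upstream backend {
    server ${upstream}:8080;
}

server {
    listen 80;
    server_name ${host};
    return 301 https://\$host\$request_uri;
}

server {
    listen 443 ssl;
    server_name ${host};

    ssl_certificate     ${certdir}/cert.crt;
    ssl_certificate_key ${certdir}/cert.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;
    add_header Strict-Transport-Security "max-age=63072000" always;
    server_tokens off;

    location / {
        proxy_pass http://backend;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-Proto https;
    }
}
EOF
}

# Post-generation checks: SAN present and the key's public half matches the cert.
# $1 = cert directory, $2 = hostname
check_cert() {
  dir="$1"; host="$2"
  openssl x509 -in "$dir/cert.crt" -noout -text | grep -q "DNS:$host" || return 1
  c=$(openssl x509 -in "$dir/cert.crt" -noout -pubkey | openssl sha256)
  k=$(openssl pkey -in "$dir/cert.key" -pubout | openssl sha256)
  [ "$c" = "$k" ]
}

WORK="${TMPDIR:-/tmp}/nginx-selfsigned-demo"
gen_self_signed proxy.internal.example "$WORK/certs"
write_nginx_conf proxy.internal.example /etc/nginx/certs app "$WORK/default.conf"
if check_cert "$WORK/certs" proxy.internal.example; then
  echo "certificate OK in $WORK/certs, config in $WORK/default.conf"
else
  echo "certificate check failed" >&2; exit 1
fi
```

Mount `$WORK/certs` at `/etc/nginx/certs` and `$WORK/default.conf` at `/etc/nginx/conf.d/default.conf` in the compose file, then run `nginx -t` inside the container before relying on it; clients will still see a trust warning until the self-signed certificate is imported into their trust store.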

#nginx #docker #ssl #certificate #proxy #hardening #self #tls #shell #container #authentication #explanation #database #storage #linux #command #terminal #build #application #backend #devops

USEFUL********

part2 replication (high availability):

link for redis docker hub page:

PLAYLISTS*******

let's talk a bit :-*
LINKS********
Comments

Thanks for the content. Is it possible in the future to explain how to create the same solution using the Let's Encrypt service? Great job.

viniciusandrade

Thanks - helped me to quickly add nginx SSL for the web frontend of roundcube (webmail) on my Portainer compose-style "stack" along with my container for roundcube itself. (Running Docker MailServer). (nb. there's other stuff you have to change in roundcube to get IMAP working with the SSL/TLS IMAP port on Docker MailServer - I'm using my own certs on that too so roundcube has to be able to access the CA for them ... and I've still gotta get SMTP STARTTLS working between the containers ... I guess I need to add the CA to the roundcube container OS too, maybe).

But for the webmail to be SSL protected - this nginx proxy was the easy way to go.
(Further context: I wanted a purely internal email server just as a log-sink I guess for some apps that insist on email e.g. self-hosted bitwarden ... I'm blocking SMTP relaying for this one ... I have two actually - a pair ... Docker in LXC containers on Proxmox ... not in HA, (as Proxmox though I have pfsense in HA and use VMs for Docker-swarm/Kubernetes {eventually} that can {will} access the outside world) ... but just for internal admin on a separate VLAN only accessible by direct ethernet to that VLAN or via various VPN solutions, I wanted a purely internal light-email solution - and I guess I'm a bit excessive when I come to encryption lol [on same docker network] ... but I'm old and forgetful and I just try to set things up so that future mistakes might be caught by earlier over-zealousness).

I did notice the use of container IPs ... I'm using container names.
I'm using an "external" network set in Portainer for my collection of email containers.

EXTRACT FROM PORTAINER STACK:

roundcubenginx:
  image: nginx:latest
  container_name: roundcubenginx
  restart: unless-stopped
  ports:
    - redacted:443
  volumes:
    - # where nginx config is
    - # where my certificates are
  networks:
    -


MY NGINX CONFIG
... I don't use the IP addresses


upstream roundcube {
    server roundcubemail;
}

server {
    listen 443 ssl;
    server_name roundcubemail;
    client_max_body_size 10240M;

    ssl_certificate /etc/certs/cert.crt;
    ssl_certificate_key /etc/certs/cert.key;

    location / {
        # without proxy_pass the upstream above is never used; forward to it by name
        proxy_pass http://roundcube;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # the Upgrade/Connection headers only take effect over HTTP/1.1
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }
}

I never quite know what I'm doing lol or if things are "right" - I just fumble my way, but just sharing in case useful to anyone else.

nb: I use XCA on Windows to create/manage my internal certificates - I personally have found that to be the easiest/most-convenient for me.

davidbayliss