How secure is a vanilla install of nginx with .htaccess authentication?

posted 1 year ago

I have installed nginx on an Arch Linux VPS with Vultr. I intend to use it to serve files to myself and two colleagues. I have setup three accounts for us all with login names and passwords via the .htaccess and .htpasswd files. I will also be adding a certificate with let’s encrypt before the server will be used.

The data we will be sharing is commercially sensitive. Is there anything else I need to worry about? Is there anything else I can do to harden the server?

Sort:

Hot Top Controversial New Old

You are viewing a single thread.

View all comments View context

[ - ]

zoredache@alien.topB

1 point

1 year ago

What I meant, and perhaps I have a misunderstanding, i

Yes, I understand what you mean, and you don’t seem to be misunderstanding how TLS client certificates function.

But my point was, that usually it is web server is that accepts and validates the client certificate. A web server is externally visible, and so it is potentially something that can be attacked even if the attacker doesn’t have a valid client certificate.

permalink

report

parent

Self-Hosted Main

!main@selfhosted.forum

Create post

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.

For Example

Service: Dropbox - Alternative: Nextcloud
Service: Google Reader - Alternative: Tiny Tiny RSS
Service: Blogger - Alternative: WordPress

We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.

Useful Lists

Awesome-Selfhosted List of Software
Awesome-Sysadmin List of Software

Community stats

23
Monthly active users
1.8K
Posts
11K
Comments

Community moderators

communick@selfhosted.forum