12 Feb
2022
12 Feb
'22
1:46 p.m.
On 11/02/2022 22:48, Lawrence wrote:
Tony
Some thoughts.
My current choice of setup for Apache is to use nginx in front for HTTPS
termination and use letsencrypt for certificates. One thing I like about
nginx is that you can use a special error response of 444 which does not
send an http response it just drops the connection, which slows down
attackers.
Hi, Lawrence.
I'm familiar with setting up and running Apache, but I'm a total noob
about how to secure it properly. Back in the day when I did this before
the Internet was a _much_ less hostile place!
I am using the Apache/nginx pair for a number of uses,
some API servers
and an user web interface server. (Named virtual hosts)
OK, resistance is futile: I'm going to have to learn how to use Nginx.
[...]
Depending what you use Apache for these ideas may or may not be useful.
Script kiddies will also try accessing admin pages for wordpress and
similar.
This project requires multiple remote Ubuntu-MATE desktops on school
Windows PCs/Laptops without having to install e.g. an "x2go" client.
The minimal requirement I've recommended is an HTML5-compliant web
browser capable of running "noVNC". Everything is set up and working
using XDMCP and Websockify to connect noVNC. I want to 'harden' the
server a bit now.
I used JNLP to provide remote VNC desktops in the dark and distant past,
but the world has changed a lot since then...
Thanks for your thoughts and helpful advice,
Tony.
--
Minke Informatics Limited, Registered in Scotland - Company No. SC419028
Registered Office: 3 Donview, Bridge of Alford, AB33 8QJ, Scotland (UK)
tel. +44(0)19755 63548 http://minke-informatics.co.uk
mob. +44(0)7985 078324 mailto:tony.travis@minke-informatics.co.uk