I’m trying to set up secure access and a reverse proxy. I thought I had it but I got myself locked out. Fortunately a re-start fixed it as I didn’t have NGINX run on boot.
Can anyone give me some help on doing this properly. The domains and DDNS obtained from EasyDNS, the certificate files are from Let’s Encrypt. They are installed in the config/ssh folder and are valid. So here’s what I have so far:
In the NGINX config file:
domain: ha.HIDDEN.ca
hsts: max-age=31536000; includeSubDomains
certfile: fullchain.pem
keyfile: privkey.pem
cloudflare: false
customize:
active: false
default: nginx_proxy_default*.conf
servers: nginx_proxy/*.conf
real_ip_from: []
Configuration.yaml has:
http:
server_port: 443
ssl_certificate: /config/ssl/fullchain.pem
ssl_key: /config/ssl/privkey.pem
use_x_forwarded_for: true
trusted_proxies:
- 172.30.33.0/24
ip_ban_enabled: true
login_attempts_threshold: 5
I have a file created in /config/nginx_proxy called nginx_proxy_default.config with the contents:
server {
listen 80;
server_name _; # A catch-all server block
location / {
return 444; # No Response
}
}