this post was submitted on 18 Oct 2023

I have installed nginx on an Arch Linux VPS with Vultr. I intend to use it to serve files to myself and two colleagues. I have set up three accounts for us all with login names and passwords via the .htaccess and .htpasswd files. I will also be adding a certificate with Let's Encrypt before the server will be used.

The data we will be sharing is commercially sensitive. Is there anything else I need to worry about? Is there anything else I can do to harden the server?

[email protected] 1 points 1 year ago (1 children)

What I meant, and perhaps I have a misunderstanding, is that I was under the impression that SSL could be configured such that it behaves in the way that's widely known - either a website is "trusted" because an authority has verified that the true owner owns it within a certain period of time - but also as a second method more akin to SSH keys, wherein the server has one certificate, the client has a signed cert, and you can only access the server if you're in possession of a signed certificate on the device being used to access the site. This DigiCert description matches mine, so I don't think I'm too far off, but I'm missing something.

[email protected] 1 points 1 year ago

What I meant, and perhaps I have a misunderstanding, i

Yes, I understand what you mean, and you don't seem to be misunderstanding how TLS client certificates function.

But my point was that usually it is the web server that accepts and validates the client certificate. A web server is externally visible, and so it is potentially something that can be attacked even if the attacker doesn't have a valid client certificate.
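For readers who want to see what the setup discussed in this thread looks like in practice, here is an added nginx server block (not from the original post or any commenter) that requires a client certificate signed by a private CA in addition to the existing .htpasswd login. The hostname, certificate paths and file root are assumed placeholders; the three user certificates are assumed to have been issued by the CA in /etc/nginx/client-ca.pem.

```nginx
# Added example: TLS client-certificate authentication layered on basic auth.
# Paths and hostname are placeholders; adjust to your own deployment.
server {
    listen 443 ssl;
    server_name files.example.com;   # placeholder hostname

    # Public server certificate from Let's Encrypt (placeholder paths)
    ssl_certificate     /etc/letsencrypt/live/files.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/files.example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Private CA that issued the colleagues' client certificates (assumed path).
    # With "on", nginx aborts the TLS handshake for any client that does not
    # present a certificate chaining to this CA, before any HTTP request is read.
    ssl_client_certificate /etc/nginx/client-ca.pem;
    ssl_verify_client      on;
    ssl_verify_depth       1;

    # Record which certificate subject made each request for later review.
    log_format mtls '$remote_addr "$ssl_client_s_dn" $ssl_client_verify '
                    '"$request" $status';
    access_log /var/log/nginx/files-access.log mtls;

    location / {
        # Second factor: the existing username/password file.
        auth_basic           "Shared files";
        auth_basic_user_file /etc/nginx/.htpasswd;

        root      /srv/files;   # placeholder file root
        autoindex off;          # do not list directory contents
    }
}
```

Anyone without a CA-issued client certificate is rejected at the handshake, which addresses the point above about the server being reachable by outsiders, but the TLS listener itself remains exposed, so keep nginx and its TLS library patched.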