lombra-early-notes/infra_tests/wireguard_and_nginx_test.md
2024-01-06 23:49:47 +01:00


WireGuard and Nginx

The purpose of this test is to check whether we can restrict a service served by Nginx so that it is only reachable by clients connecting through a WireGuard VPN.

This would let us have internal web pages that can only be reached by users who connect through the VPN. This provides some cool stuff:

  • An additional layer of security on top of application/service credentials.
  • Perfect protection against sniffing between our member devices and all our services.
  • The possibility to fully unplug any user at will by simply removing their keys from the WireGuard VPN config.

Test plan

  • Get a VPS at 1984.hosting
  • Install Ubuntu Server
  • Install WireGuard
  • Install client and check that VPN is working fine
  • Deploy silly webpage with containerized Nginx and open access in the same VPS
  • Validate that Nginx is reachable through clearnet without VPN
  • Modify Nginx config to only listen to requests coming from the VPS localhost
  • Validate that Nginx is not reachable through clearnet without VPN
  • Validate that Nginx is reachable when connected through the VPN
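
One way to write the restricted Nginx config for the "modify Nginx config" step, as an added example that is not part of the original notes. It allow-lists the WireGuard subnet alongside localhost, since VPN peers reach Nginx from their tunnel addresses. The subnet `10.8.0.0/24` and the web root path are assumed values.

```nginx
# Added example, not from the original notes.
# Assumed values: WireGuard subnet 10.8.0.0/24, web root /usr/share/nginx/html.
# Assumes Nginx sees the real client source address (host networking, or
# Docker's default iptables-based port publishing for IPv4).

server {
    listen 80;
    server_name _;

    # The open variant used for the first clearnet validation step is this
    # same block without the allow/deny rules below.

    # Rules are evaluated in order; the first match wins.
    allow 127.0.0.1;      # VPS localhost
    allow 10.8.0.0/24;    # WireGuard peers (assumed subnet)
    deny  all;            # every other source address gets 403 Forbidden

    location / {
        root  /usr/share/nginx/html;
        index index.html;
    }
}
```

With this config a clearnet request still completes the TCP handshake and receives a 403, so the "not reachable" check should expect that status rather than a timeout. Hiding the port entirely would additionally need a firewall rule or publishing the container port only on the WireGuard interface address.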

Test logs

Drop notes here as we try stuff