25 lines
1.3 KiB
Markdown
25 lines
1.3 KiB
Markdown
# Wireguard and Nginx
|
|
|
|
The purpose of this test is to check if we can restrict access to a service provided through NGINX to only be accessible for clients connecting through a Wireguard VPN.
|
|
|
|
This would allow for having internal webpages that can only be reached by users that have access through the VPN. These provides some cool stuff:
|
|
- An additional layer of security on top of application/service credentials.
|
|
- Perfect protection against sniffing between our member devices and all our services.
|
|
- The possibility to fully unplug any user at will by simply removing his keys from the Wireguard VPN config.
|
|
|
|
## Test plan
|
|
|
|
- [ ] Get a VPS in 1984.hosting
|
|
- [ ] Install Ubuntu Server
|
|
- [ ] Install Wireguard
|
|
- https://www.digitalocean.com/community/tutorials/how-to-set-up-wireguard-on-ubuntu-22-04
|
|
- [ ] Install client and check that VPN is working fine
|
|
- [ ] Deploy silly webpage with containerized Nginx and open access in the same VPS
|
|
- [ ] Validate that Nginx is reachable through clearnet without VPN
|
|
- [ ] Modify Nginx config to only listen to requests coming from the VPS localhost
|
|
- [ ] Validate that Nginx is not reachable through clearnet without VPN
|
|
- [ ] Validate that Nginx is reachable through clearnet without VPN
|
|
|
|
## Test logs
|
|
|
|
Drop notes here as we try stuff
|