I have UFW setup as my firewall and a script that reads my log file to detect spammers (it's a mailserver). The script insert rules like these on the first line:
Anywhere DENY x.x.x.x
The script is running fine, rules are added. You would say everything is working fine, but there are still logs coming from IPs that should be blocked.
I have tried reloading UFW, but this does not solve this issue. These are basically my rules:
Anywhere DENY x.x.x.x
25/tcp ALLOW Anywhere
443/tcp ALLOW Anywhere
I assume the firewall stops when the rule is valid?
Yes, once a rule is matched the others will not be evaluated.
You can check the order of your rules and that ufw is active with:
sudo ufw status numbered
Related
I use nginx with simple auth rules such as the following:
location /api {
#...
deny 192.168.1.2;
allow 10.128.99.1;
allow 127.0.0.1;
deny all;
}
This works great, but sometimes a users IP changes, then I have to update the nginx.conf file with the new IP. Is there any way to use machine name instead, such as the following:
location /api {
#...
deny 192.168.1.2;
allow MachineName;
allow 127.0.0.1;
deny all;
}
I tried that, but nginx gave an error when I tried to start the service. I can use ping to look up the IP, but I am just trying to automate the process. Thanks in advance.
There is Nginx HTTP rDNS module which allows doing just the very thing you're asking about:
This module allows to make a reverse DNS (rDNS) lookup for incoming connection and provides simple access control of incoming hostname by allow/deny rules
The only downside is that you'll have to disable HTTP/1.1 keepalive due to outstanding bug, which was never fixed.
Installation on CentOS systems (6, 7 and 8) can be done using commercial GetPageSpeed repository (requires subscription):
sudo yum -y install https://extras.getpagespeed.com/release-latest.rpm
sudo yum -y install nginx-module-rdns
I know almost nothing about nginx, please help me to see if it can be achieved ?
A public network IP with only 80 and 8080 ports open, Such as 182.148.???.135
A domain name with an SSL certificate, Such as mini.????.com
This domain name can resolve to this IP.
Using the above conditions, how to enable https ? So that I can pass visit https://mini.????.com to the target server 182.148.???.135
Thank you very much for your help!
Just came accross an issue. Doesn’t matter if its a local setup or one with a domain name.
When you create a symbolic frpom sites-available to sites-enabled you have to use the whole path to each location.
e.g. you can’t
cd /etc/nginx/sites-available/
ln -s monitor ../sites-enabled/
It has to be:
ln -s /etc/nginx/sites-available/monitor /etc/nginx/sites-enabled/
Inside /etc/nginx/sites-available you should have just edited the default file to change the root web folder you specified and left the server name part alone. Restart nginx, should work fine. You don’t need to specify the IP of your droplet. That’s the whole purpose of the default file.
You only need to copy the default file and change server names when you want to set up virtual hosts.
I setup UFW and HTTPS on my digitalocean droplet and I can no longer SFTP into my box. Are there extra steps to enable SFTP into the box?
https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-18-04#step-4-%E2%80%93-managing-the-nginx-process
https://www.digitalocean.com/community/tutorials/how-to-set-up-let-s-encrypt-with-nginx-server-blocks-on-ubuntu-16-04#prerequisites
Error: Connection timed out after 20 seconds of inactivity
Error: Could not connect to server
Seeing that SFTP runs on the SSH port, you could be in trouble. If you can not access your server in any way, then it's probably for the best to reset it since there will be no real other way to gain access to your server again.
Anyhow, if you can connect to your server and update the firewall (execute with sudo if necessary), execute the following 2 commands if you have a static IP:
ufw allow from [YOUR IP] to any port 22
ufw reload
Otherwise, it is recommended to use a different port for SSH (http://www.linuxlookup.com/howto/change_default_ssh_port). The commands to execute here would be the following:
ufw allow [CUSTOM SSH PORT]
ufw reload
Also, if you are not yet using a key for your SSH login, take a look at the follwing page: https://www.ssh.com/ssh/key/ . Since it will greatly improve the overall security of your server.
doing the initial setup for apache, and myphp, I get this message when I try to restart my apache:
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.1.72. Set the 'ServerName' directive globally to suppress this message
This should be a warning not a problem with Apache server.
If you insert below line in either httpd.conf or apache2.conf in /etc/apache2 and restart apache the notice will disappear.
ServerName localhost
It will not work for virtual host. Make sure you have defined server name inside /etc/hosts with specific ip address
I have several subdomains running on nginx, and when i added next one, there was a problem with the same name of subdomain i removed.
I'm not shure that config were worked in the past. This is what i have found on serwer.
For now there is no possibility to restart nginx with virtual hosts, becouse it's failed.
config tests is ok,
without vh's it is restarting well,
nginx.conf test is ok,
logs are clear
nginx config is placed in project and /etc/nginx is pointing to that folder
I have add that exaple vh and it is crushing event with it.
What else can i check, what may cause such a problem?
I have found solution. Nginx could not start after stop, becouse ports 80 and 433 were busy by... nginx. Anyway
netstat -tulpn
shown what process are runing on particular ports.
I killed these processes with commands:
sudo fuser -k 80/tcp and fuser -k 433/tcp
and after that
sudo service nginx start
just worked.
Config files are fine, and test pass, logs where clear and nginx command show whats wrong