Home / user-607853

vespino's questions

Martin Hope
vespino
Asked: 2021-06-17 11:59:59 +0800 CST
  • 0

I'm running an nginx reverse proxy to be able to run multiple servers behind my firewall. I noticed on my (Kerio) mail server the error log is filled with "failed login from < local ip of nginx >" and I was wondering how can I set it so I get the remote IP of the person/bot that is trying to login so I might use that information for auto blocking those addresses (for example)?

This is my current config:

server {
    listen 8443 ssl http2;
    server_name mail.domain.com;

    location / {
        proxy_set_header Host $host;
        proxy_pass https://<internal ip>/;
        client_max_body_size 0;
        proxy_connect_timeout 3600;
        proxy_send_timeout 3600;
        proxy_read_timeout 3600;
        send_timeout 3600;
    }
}

Adding the following lines, results in more of the same:

proxy_set_header   X-Real-IP          $remote_addr;
proxy_set_header   X-Forwarded-For    $proxy_add_x_forwarded_for;
nginx reverse-proxy kerio
Martin Hope
vespino
Asked: 2021-03-23 10:26:49 +0800 CST
  • 0

I just watch this video https://youtu.be/ZhMw53Ud2tY and the question I have is if I have to generate a public/private key pair for each server I’m looking to login to or if I just generate one pair and use that for each server. Somehow that last option seems to be like using the same password for each account.

Is it wise to store the keys in a password manager btw? I’m using keepass as password manager.

public-key private-key
Martin Hope
vespino
Asked: 2020-12-25 03:39:13 +0800 CST
  • 1

I have a reverse proxy running on port 80 to serve as a "gateway" to update Let's Encrypt certificates on VMs inside my network. This reverse proxy is only exposed for 5 minutes per week on port 80 for this reason. I have a number of domains that pass through this server to be forwarded to their internal IP addresses. This all works fine, however there is one server exposed to the internet on port 443. When I make a request to the correct domain name using https, all is fine. When I use one of the other domains, I of course get an invalid certificate error. That is why I was thinking of routing port 443 traffic through the reverse proxy so I'll be able to block traffic not targetting the one domain that is exposed and running on 443. Nginx however expects a valid certificate which I can't give it because it's on another server.

The server I'm running on port 443 is Kerio Mailserver.. maybe there is something I can do there to force the use of only one domain name?

Is there a way of handling this? Just in case you're wondering: the other servers don't need exposing.

nginx reverse-proxy kerio