Rohit Mehta on 29 Aug 2015 12:48:05 -0700



Re: [PLUG] Securing Web Site for External Traffic


OpenSSH VPN or even SSH tunnelling (similar to Keith's suggestion, but just tunnel the HTTP traffic rather than run VNC) should do what you want as long as you can SSH to your firewall machine and you don't need to worry about securing your HTTP services. OpenVPN will give you better performance with slightly more investment in setup time.

https://help.ubuntu.com/community/SSH_VPN

If data security is no concern, and you want to put stuff on the public internet, I'd recommend periodically grabbing state copies of that data and putting it on the public Internet, i.e. Dropbox or something.

Of course you did say you wanted it to work on iOS and Android... so I think OpenVPN is the only option, and from my experience it's a bit of work.

On Sat, Aug 29, 2015 at 3:20 PM, Keith C. Perry <kperry@daotechnologies.com> wrote:
Whereas OpenVPN certificate management is not a big deal, since that is how it was designed to be used. :) They have scripts to create as well as revoke them. The biggest p.i.t.a. is properly assembling the unified config that works everywhere, especially mobile. It's just a catenation of a couple of files plus your cert, but I scripted that (also trivial) and haven't looked back.

Truth be told, once you create a cert for yourself, you're not going to change it that much.


~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Keith C. Perry, MS E.E.


From: "David Coulson" <david@davidcoulson.net>
To: plug@lists.phillylinux.org
Sent: Saturday, August 29, 2015 10:20:46 AM
Subject: Re: [PLUG] Securing Web Site for External Traffic


On 8/29/15 9:42 AM, Timothy Marion wrote:
I would go with HTTPS. HTTPS is good enough for all the online stores and banks; it should protect a baby monitor. I do this as a hobby and do not have the production experience that others on this list have. I was able to set up a self-signed cert and HTTPS on my VPS. It was not a walk in the park, but it was not rocket science. If I can do it, most anybody could.
Depends what you're trying to accomplish - HTTPS/TLS only secures the transport, and does not provide access control capabilities. You can certainly do certificate-based authentication, but that's a bear to manage and support.



___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
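
The unified OpenVPN client config mentioned in the thread (a base config concatenated with the CA certificate, client certificate and key), sketched as an added example that is not part of the original messages or anyone's actual script. The function names and file names are hypothetical; the `<ca>`, `<cert>` and `<key>` blocks are OpenVPN's inline-file syntax.

```shell
#!/bin/sh
# Added example: build one self-contained OpenVPN client profile (.ovpn).
# File names are assumptions; use whatever your CA scripts produced.
set -eu

# Print only the PEM blocks of a file, dropping any human-readable
# dump that certificate tooling may have written above them.
pem_only() {
    sed -n '/^-----BEGIN /,/^-----END /p' "$1"
}

# build_unified_ovpn BASE_CONF CA_CERT CLIENT_CERT CLIENT_KEY OUT_FILE
# The body runs in a subshell so the umask change and variables stay local.
build_unified_ovpn() (
    base=$1 ca=$2 cert=$3 key=$4 out=$5
    for f in "$base" "$ca" "$cert" "$key"; do
        [ -r "$f" ] || { echo "cannot read: $f" >&2; exit 1; }
    done
    # Catch swapped arguments before anything is written.
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key" ||
        { echo "no private key in: $key" >&2; exit 1; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$cert" ||
        { echo "no certificate in: $cert" >&2; exit 1; }

    # The profile embeds the private key: create it readable by owner only.
    umask 077
    rm -f "$out"
    {
        # Drop file-based ca/cert/key directives; the inline blocks replace them.
        sed -E '/^[[:space:]]*(ca|cert|key)[[:space:]]/d' "$base"
        printf '<ca>\n';   pem_only "$ca";   printf '</ca>\n'
        printf '<cert>\n'; pem_only "$cert"; printf '</cert>\n'
        printf '<key>\n';  pem_only "$key";  printf '</key>\n'
    } > "$out"
)

# Run directly: ./mkprofile.sh base.conf ca.crt me.crt me.key me.ovpn
if [ "$#" -eq 5 ]; then
    build_unified_ovpn "$@"
fi
```

The resulting file carries the client's private key, so it should be moved to a phone or tablet over a channel you trust and revoked with the CA scripts if the device is lost.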
