saltydog
Posts: 39
Joined: Mon Dec 24, 2012 10:40 am

Web server security

Tue Jun 17, 2014 1:17 am

I'm using lighttpd and have a php tcp socket server script in the root directory of the server.
In the home directory there is a python client script that also controls gpio.

I don't need the site to be accessible to anyone but myself.

Will password protecting the root folder, maybe also only allowing a single ip access, secure the site?

If not, would using a framework like flask and web-sockets be any better?

elatllat
Posts: 1337
Joined: Sat Dec 17, 2011 5:05 pm

Re: Web server security

Tue Jun 17, 2014 3:10 am

If you want it secure from the rest of the www, firewall all but ssh and use an ssh key to proxy your browser through the firewall in ssh.
SBC with 32GB RAM: https://hardkernel.com

FAQ : https://raspberrypi.stackexchange.com

Unanswered: https://www.raspberrypi.org/forums/search.php?search_id=unanswered

DougieLawson
Posts: 36528
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK

Re: Web server security

Tue Jun 17, 2014 9:25 am

sudo apt-get install ufw

UFW is a really easy way to control a Linux firewall with simple human-readable rules that get converted to incredibly complex iptables incantations.

You can control by port and ip address (or ip address block).

Also with Lighttpd you can control which address it listens on (default is INADDR_ANY) with server.bind = "ip.ip.ip.ip" in the config.
If you set server.bind = "127.0.0.1" it can only be connected by local users on your RPi.
Note: Having anything humorous in your signature is completely banned on this forum. Wear a tin-foil hat and you'll get a ban.

Any DMs sent on Twitter will be answered next month.

This is a doctor free zone.
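
A check for the server.bind setting described in the post above, as an added example that is not part of the thread: it reports whether a lighttpd config leaves the main socket on all interfaces (the INADDR_ANY default), on loopback, or on one address, and counts any $SERVER["socket"] listeners. The function names are hypothetical and the sample configs are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): report where a lighttpd config
# makes the server listen. Function names are hypothetical.

# Value of the last uncommented top-level server.bind line, or empty.
bind_value() {
    sed -n 's/^[[:space:]]*server\.bind[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | tail -n 1
}

# Classify the listen scope of the main socket.
bind_scope() {
    addr=$(bind_value "$1")
    case "$addr" in
        "")                        echo "all-interfaces" ;;  # unset: INADDR_ANY default
        0.0.0.0|"[::]")            echo "all-interfaces" ;;  # wildcard addresses
        127.*|"[::1]"|localhost)   echo "loopback" ;;        # assumes localhost resolves to loopback
        *)                         echo "single-address" ;;  # one specific address
    esac
}

# Number of additional listeners declared in $SERVER["socket"] blocks,
# which are configured separately from server.bind.
extra_sockets() {
    grep -c '^[[:space:]]*\$SERVER\["socket"]' "$1" || true
}

# Constructed sample configs, checked when the script is run.
demo() {
    d=$(mktemp -d)
    printf 'server.port = 80\n' > "$d/default.conf"
    printf '# server.bind = "0.0.0.0"\nserver.bind = "127.0.0.1"\n' > "$d/local.conf"
    printf 'server.bind = "127.0.0.1"\n$SERVER["socket"] == ":8080" { }\n' > "$d/mixed.conf"
    for f in "$d"/*.conf; do
        echo "$(basename "$f"): main=$(bind_scope "$f") extra_sockets=$(extra_sockets "$f")"
    done
    rm -rf "$d"
}
demo
```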

elatllat
Posts: 1337
Joined: Sat Dec 17, 2011 5:05 pm

Re: Web server security

Wed Jun 18, 2014 1:29 am

'incredibly complex' is an exaggeration. iptables are quite readable.

DougieLawson
Posts: 36528
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK

Re: Web server security

Wed Jun 18, 2014 7:42 am

elatllat wrote: 'incredibly complex' is an exaggeration. iptables are quite readable.
Not for the new Linux user they aren't.

UFW is a nice simple way to make it all easier.

elatllat
Posts: 1337
Joined: Sat Dec 17, 2011 5:05 pm

Re: Web server security

Wed Jun 18, 2014 11:53 pm

ufw allow 22

vs

iptables -A INPUT --dport 22 -j ACCEPT

DougieLawson
Posts: 36528
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK

Re: Web server security

Thu Jun 19, 2014 8:23 am

elatllat wrote: ufw allow 22

vs

iptables -A INPUT --dport 22 -j ACCEPT
Exactly! The first command is much easier to understand and can be ufw allow ssh.

FLYFISH TECHNOLOGIES
Posts: 1750
Joined: Thu Oct 03, 2013 7:48 am
Location: Ljubljana, Slovenia

Re: Web server security

Thu Jun 19, 2014 9:42 am

Hi,
elatllat wrote: ufw allow 22
As input, output, forward... ?
elatllat wrote: iptables -A INPUT --dport 22 -j ACCEPT
Here are no doubts... should be extended with interface item.


Best wishes, Ivan Zilic.
Running out of GPIO pins and/or need to read analog values?
Solution: http://www.flyfish-tech.com/FF32

DougieLawson
Posts: 36528
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK

Re: Web server security

Thu Jun 19, 2014 10:13 am

FLYFISH TECHNOLOGIES wrote: Hi,
elatllat wrote: ufw allow 22
As input, output, forward... ?
UFW lets you control all of the iptables parms with nice simple English keywords. It really is more user friendly than iptables for the new Linux users.

http://manpages.ubuntu.com/manpages/sau ... ufw.8.html