Web lists-archives.com

Securing development environment




Hello everybody!

I have been renting a VPS with installed Debian Stretch. I want to host a my personal website that includes basic functionality as blog, chat, portfolio etc. Entire website will be written using Django framework and Python 3.x, HTML5, CSS3, JS programming languages. These parts of that project will be implemented as Django apps.

I do not want to expose development environment publicly. Experimental version of this project contains DEBUG variable set to True and other experimental features that should not be in production because I want to be able easily detect any bugs. I have also running other sensitive services e.g. SSH.

My question is how can I restrict access to the administrative services like SSH, development environment, web console, ZNC admin etc. Of course, I am using public key authentication on SSH without password.

My proposed solutions:

- use nginx mechanism called basic_auth to restrict access to development environment, phpMyAdmin, phpPgAdmin etc. (vulnerable to bruteforce attacks but it risk can be limited using fail2ban although still weak 8 characters passwords),
- use OpenVPN protocol, configure listening ports of specific applications and configure properly firewall (I think it would be most secure choice),
- use proxy server like squid to access administrative services (in my opinion worst option).

Which option is best solution? I am considering use VPN but I am not sure is too complicated and that problem can be solved simpler by nginx basic_auth mechanism and fail2ban. What are your recommendations?

--
Best wishes,
Hubert Hauser.

Attachment: 0x63D031274518F606.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature