3

I want to use nginx for local development. This means I want to prevent other machines from being able to access my web server so it can only be accessed via localhost.

Under the server settings in sites-enabled/default I changed my code to

location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to index.html
        allow 127.0.0.1;
        deny all;
        try_files $uri $uri/ /index.html;
    }

Is there anything else I need to do to prevent third parties from accessing my web server?

Frank Vilea
  • 559
  • 2
  • 8
  • 16

1 Answers1

3

On the NGINX side no, depending on how secure you want it to be you may also want to block port 80 (Or whatever port NGINX is running on) from any IP except local host, or use a non-default port (Something in the 8000-10000 range).

Smudge
  • 24,039
  • 15
  • 57
  • 76
  • 1
    Thanks, I used ufw with the command: sudo ufw allow proto tcp from 127.0.0.1 to any port 80 and then sudo ufw deny 80. BTW, in my MySQL config file I set the bind-address to 127.0.0.1. Would this be sufficient now? I'm a bit paranoid because I learned yesterday that I had all the ports open all the time for MySQL and Apache while being connected to the Internet. Therefore, I re-installed my entire distro. Thanks again. – Frank Vilea May 25 '11 at 22:57
  • It can depend on your MySQL config and other factors on the network. Again I would block MySQL's port with the Firewall, or turn off networking altogether and just use a UNIX socket. – Smudge May 25 '11 at 22:58