
Best Affordable Network Security for Remote Access?



Posted (edited)

I've been poking around the forums, looking at discussions about reverse proxies and such, but when I looked into NGINX, it appears to be designed for commercial use and priced at a rate that is well beyond what I, as a home user, would remotely be interested in. I do have a free Windscribe account, and apparently they have a "Proxy Gateway" service available with their Pro package.

 

I'm just concerned about allowing (or rather continuing to allow) unsecured connections into my network, but I don't want to pay a truckload of money to secure it. Also, a solution that doesn't effectively require a professional certification in using PowerShell would be a plus.

 

Thoughts?

Edited by chyron8472
Posted (edited)

Nginx is free to use.  

 

I like linuxserver.io's letsencrypt docker container. It gives you an up-to-date nginx reverse proxy and automatically handles renewing your cert. Also includes fail2ban. It is relatively simple itself to set up and configure, but a lot of people struggle getting docker set up initially and the idea of a container. I also wouldn't recommend trying it on an all Windows environment.

 

I've heard good things about using cloudflare to manage your DNS and letting them handle https but I haven't tried it myself.  

 

Edit: I've also heard good things about caddy as a good and simple reverse proxy that handles https certs, but again I haven't used it myself.  https://caddyserver.com/ 

Edited by KMBanana
mastrmind11
Posted (edited)

+1 for nginx, +1 for fail2ban, and +1 for cloudflare.  

 

If you go the Cloudflare route, go get a cheap domain name. Everything else is free. There are tons of tutorials for setting up each, as well as posting here w/ questions. GL

Edited by mastrmind11
Posted (edited)

Nginx is free to use.  

 

 

If it is, they do not make that clear at all. The link in the sticky (http://nginx-win.ecsds.eu/) refers to purchasing a commercial subscription. When one googles "NGINX", and nginx.com is the top result, nowhere on that site does it mention anything being free. Now, granted nginx.org, which I found after posting this thread, does have free downloads, but that site is not at all clear how to use it.

 

It just doesn't feel to me like the process of setting up a WAN-accessible secure server is a particularly friendly process.

Edited by chyron8472
mastrmind11
Posted (edited)

If it is, they do not make that clear at all. The link in the sticky (http://nginx-win.ecsds.eu/) refers to purchasing a commercial subscription. When one googles "NGINX", and nginx.com is the top result, nowhere on that site does it mention anything being free. Now, granted nginx.org, which I found after posting this thread, does have free downloads, but that site is not at all clear how to use it.

 

It just doesn't feel to me like the process of setting up a WAN-accessible secure server is a particularly friendly process.

https://www.nginx.com/resources/wiki/

 

and the hand holding session:

https://www.digitalocean.com/community/tutorials/how-to-host-a-website-using-cloudflare-and-nginx-on-ubuntu-16-04

Edited by mastrmind11
Posted

Just replying again in case my edit was missed, 

 

I've heard good things about caddy as a good and simple reverse proxy that handles https certs, but I haven't used it myself.  https://caddyserver.com/ 

pir8radio
Posted

If it is, they do not make that clear at all. The link in the sticky (http://nginx-win.ecsds.eu/) refers to purchasing a commercial subscription. When one googles "NGINX", and nginx.com is the top result, nowhere on that site does it mention anything being free. Now, granted nginx.org, which I found after posting this thread, does have free downloads, but that site is not at all clear how to use it.

 

It just doesn't feel to me like the process of setting up a WAN-accessible secure server is a particularly friendly process.

 

 

I use this version, it's the best Windows version of nginx out there.. it is free for home users...

Guest asrequested
Posted

I use this version, it's the best Windows version of nginx out there.. it is free for home users...

I see several downloads at the bottom. It's Crow that you get, right?

pir8radio
Posted (edited)

I see several downloads at the bottom. It's Crow that you get, right?

 

Correct, they change the name for the major versions, current version is "Crow" last version was "Violet".. the links are at the bottom, they charge for support and commercial versions.. I've used this one for quite a few years.

Edited by pir8radio
Guest asrequested
Posted

A question for you nginx gurus. Have any of you configured it with a VPN? I've been thinking about possibly doing the reverse proxy thing. But I still want to use my VPN service. Redundant? Other ways to configure it? Is having a domain imperative?

mastrmind11
Posted

A question for you nginx gurus. Have any of you configured it with a VPN? I've been thinking about possibly doing the reverse proxy thing. But I still want to use my VPN service. Redundant? Other ways to configure it? Is having a domain imperative?

I'm no guru, but I don't see why it wouldn't work.  It's just traffic, after all, doesn't really matter where it's coming from/going to.  Buuut, I would say it's a bit overkill.  

Guest asrequested
Posted

I'm no guru, but I don't see why it wouldn't work. It's just traffic, after all, doesn't really matter where it's coming from/going to. Buuut, I would say it's a bit overkill.

Two gateways, a VPN AND a reverse proxy is a little too much, you think? Lol... Well, I was thinking I could disable IPS on the USG, if I used a reverse proxy? But maybe you're right...

mastrmind11
Posted

Two gateways, a VPN AND a reverse proxy is a little too much, you think? Lol... Well, I was thinking I could disable IPS on the USG, if I used a reverse proxy? But maybe you're right...

Honestly dude IPS is kind of a gimmick. Set up fail2ban to monitor your ports, then who gives a f where the connection comes from. Guess wrong 3x and you're banned, see ya. I'd turn it off just for the performance gain and to give your little box's cpu a break.

 

Sent from my SM-G965U using Tapatalk

Guest asrequested
Posted (edited)

Honestly dude IPS is kind of a gimmick. Set up fail2ban to monitor your ports, then who gives a f where the connection comes from. Guess wrong 3x and you're banned, see ya. I'd turn it off just for the performance gain and to give your little box's cpu a break.

 

Sent from my SM-G965U using Tapatalk

Ha! Yeah, that's what I was thinking about. The USG is a little underpowered. Be nice to disable that. Is there any way to run fail2ban or something like that, on pfsense? Ideally, that's what I'd prefer.

Edited by Doofus
Posted

Just replying again in case my edit was missed,

 

I've heard good things about caddy as a good and simple reverse proxy that handles https certs, but I haven't used it myself. https://caddyserver.com/

I use caddy, just don't open any remote desktop ports on your router unless you have a good password and fail2ban/wail2ban working.

 

But, yeah caddy is great too!
