I have installed nginx on an Arch Linux VPS with Vultr. I intend to use it to serve files to myself and two colleagues. I have set up three accounts for us all with login names and passwords via the .htaccess and .htpasswd files. I will also be adding a certificate with Let’s Encrypt before the server will be used.

The data we will be sharing is commercially sensitive. Is there anything else I need to worry about? Is there anything else I can do to harden the server?

  • zoredache@alien.topB
    1 year ago

    What I meant, and perhaps I have a misunderstanding, i

    Yes, I understand what you mean, and you don’t seem to be misunderstanding how TLS client certificates function.

    But my point was that usually it is the web server that accepts and validates the client certificate. A web server is externally visible, and so it is potentially something that can be attacked even if the attacker doesn’t have a valid client certificate.
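
For reference, an added example (not from the original post or from the commenter) of an nginx server block in which nginx itself validates TLS client certificates and also keeps the password login. The server name, all file paths and the private client CA are placeholders assumed for illustration.

```nginx
# Added example: server name and every path below are placeholders.
server {
    listen 443 ssl;
    server_name files.example.com;

    # Server certificate, e.g. the one issued by Let's Encrypt.
    ssl_certificate     /etc/nginx/tls/fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Client-certificate check, performed by nginx itself.
    # client-ca.pem is an assumed private CA that issued the three users' certificates.
    ssl_client_certificate /etc/nginx/tls/client-ca.pem;
    ssl_verify_client      on;
    ssl_verify_depth       1;

    # With "ssl_verify_client on", a client without a valid certificate
    # still completes the TLS handshake and is then answered with HTTP 400,
    # so nginx's TLS and HTTP handling remain reachable from the internet
    # and nginx still has to be kept patched.

    server_tokens off;   # do not advertise the nginx version

    location / {
        # nginx does not read .htaccess files; basic auth is set here
        # and points at the htpasswd-format user file.
        auth_basic           "Restricted";
        auth_basic_user_file /etc/nginx/.htpasswd;
        root /srv/files;
    }
}
```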