    Secure Meshcentral server on Vultr

    • black3dynamite @scottalanmiller

      @scottalanmiller said in Secure Meshcentral server on Vultr:

      @black3dynamite wouldn't that take the secure meshcentral and expose it as unencrypted?

      Now I'm only assuming if Nginx and MeshCentral are on separate VMs.
      You have nginx listening on port 80 and then redirect to 443. Proxy pass is set to the MeshCentral VM address and port 443.

      Now if nginx and MeshCentral are on the same VM, I would do something like the example on pages 30, 31, and 32.
      http://info.meshcentral.com/downloads/MeshCentral2/MeshCentral2UserGuide-0.2.2.pdf

      • scottalanmiller @black3dynamite

        @black3dynamite said in Secure Meshcentral server on Vultr:

        Now I'm only assuming if Nginx and MeshCentral are on separate VMs.
        You have nginx listening on port 80 and then redirect to 443. Proxy pass is set to the MeshCentral VM address and port 443.

        If Nginx listens on port 80, that would make MC think it was secure, but have the encryption removed before going over the Internet. It's the other way that you'd want to do it. MC on 80, Nginx listening on 443.

        1 Reply Last reply Reply Quote 0
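The layout described in the post above (Nginx terminating TLS on 443, MeshCentral behind it on plain HTTP), shown as an added example that is not part of the original thread or taken from the linked MeshCentral guide. The hostname, certificate paths, webroot and backend port 4430 are assumptions, as is the choice to obtain the certificate with an ACME client on the Nginx host.

```nginx
# Added example: hostname, paths and the backend port are placeholders.

# Port 80 carries no application traffic. It only answers the ACME HTTP-01
# challenge and redirects everything else to HTTPS.
server {
    listen 80;
    server_name mesh.example.com;                 # placeholder hostname

    location /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;                # placeholder webroot
    }
    location / {
        return 301 https://$host$request_uri;
    }
}

# TLS terminates here; this is the only listener that serves MeshCentral.
server {
    listen 443 ssl;
    server_name mesh.example.com;

    ssl_certificate     /etc/letsencrypt/live/mesh.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mesh.example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # Plain HTTP on loopback only, so the cleartext hop never leaves the VM.
        # Assumes MeshCentral is bound to this port and told it sits behind a
        # TLS-offloading proxy (the TlsOffload setting in its config.json).
        proxy_pass http://127.0.0.1:4430/;

        # MeshCentral agents and the web UI use WebSockets.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 330s;

        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# The layout the post warns against, for comparison (do not deploy):
#   server { listen 80; location / { proxy_pass https://<meshcentral-vm>:443; } }
# The backend hop is encrypted, but the client-to-Nginx hop over the Internet is not.
```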
        • JaredBusch

          Mesh Central has to listen on 80 in order to get the LE cert.

          Other than that, instance, I believe it force redirects traffic to 443.

          • pmoncho @Reid Cooper

            @Reid-Cooper said in Secure Meshcentral server on Vultr:

            @pmoncho said in Secure Meshcentral server on Vultr:

            Vultr Firewall setup (I don't believe I need this as UFW is set up on Ubuntu)

            Less portable that way. Why not do it the normal way?

            I went the LTS route as I used Vultr's image and it's what I know at the moment. No other reason. Someday I will change it over to Ubuntu Current or Fedora.

            • pmoncho @Reid Cooper

              @Reid-Cooper said in Secure Meshcentral server on Vultr:

              Less portable that way. Why not do it the normal way?

              Little lost here. What is the "normal way?"

              Basically, I set up the Vultr FW because I wanted to make sure the MC server had a FW up front during the initial install and config. After setting up UFW on Ubuntu, I realized that I may no longer need it.

              • Dashrender @pmoncho

                @pmoncho said in Secure Meshcentral server on Vultr:

                Little lost here. What is the "normal way?"

                Basically, I set up the Vultr FW because I wanted to make sure the MC server had a FW up front during the initial install and config. After setting up UFW on Ubuntu, I realized that I may no longer need it.

                Is that really a risk during install though? What ports are open during install that would make this a concern?

                • pmoncho @Dashrender

                  @Dashrender said in Secure Meshcentral server on Vultr:

                  Is that really a risk during install though? What ports are open during install that would make this a concern?

                  Truth is, I have no idea. Most likely not though. Just enabled it until I had the OS installed, opened the SSH port so I could get in from my IP and configured UFW on Ubuntu. Just never disabled the Vultr FW. Figure it didn't hurt so I kept it.

                  I guess it's just personal trust issues. I even sometimes lock my car doors while parked in my garage with a garage door opener and locked side door. Weird I know! 🙂

                  • dafyre @pmoncho

                    @pmoncho said in Secure Meshcentral server on Vultr:

                    Truth is, I have no idea. Most likely not though. Just enabled it until I had the OS installed, opened the SSH port so I could get in from my IP and configured UFW on Ubuntu. Just never disabled the Vultr FW. Figure it didn't hurt so I kept it.

                    I guess it's just personal trust issues. I even sometimes lock my car doors while parked in my garage with a garage door opener and locked side door. Weird I know! 🙂

                    A little paranoia isn't a bad thing... but I think you may be tiptoeing the line.

                    • pmoncho @dafyre

                      @dafyre said in Secure Meshcentral server on Vultr:

                      A little paranoia isn't a bad thing... but I think you may be tiptoeing the line.

                      No doubt. Have to let go a little.

                      • dafyre @pmoncho

                        @pmoncho said in Secure Meshcentral server on Vultr:

                        No doubt. Have to let go a little.

                        But only a little. Don't want somebody to steal your car when they get into your garage. 😉

                        • Dashrender @dafyre

                          @dafyre said in Secure Meshcentral server on Vultr:

                          But only a little. Don't want somebody to steal your car when they get into your garage. 😉

                          Lol - they'd still likely need the keys - so even having open doors doesn't really help the crook.

                          • pmoncho @Dashrender

                            @Dashrender said in Secure Meshcentral server on Vultr:

                            Lol - they'd still likely need the keys - so even having open doors doesn't really help the crook.

                            Crook needs no keys. That is the scary part. Metal shim, wire cutter/stripper, electrical tape and possibly screwdriver. Jimmy lock, strip wires, connect to get it out of park, push to end of driveway, connect to start up and away they go. Ugh. Too much Black Mirror and Mr. Robot.

                            • Dashrender @pmoncho

                              @pmoncho said in Secure Meshcentral server on Vultr:

                              Crook needs no keys. That is the scary part. Metal shim, wire cutter/stripper, electrical tape and possibly screwdriver. Jimmy lock, strip wires, connect to get it out of park, push to end of driveway, connect to start up and away they go. Ugh. Too much Black Mirror and Mr. Robot.

                              Yeah - the main temper to that around here is - what are the chances of YOU being a target? And what percentage of crooks are going to have those skills? I don't know you, so I can't see what your level of being targeted is, but the % of crooks with the skills is very low.

                              • pmoncho @Dashrender

                                @Dashrender said in Secure Meshcentral server on Vultr:

                                Yeah - the main temper to that around here is - what are the chances of YOU being a target? And what percentage of crooks are going to have those skills? I don't know you, so I can't see what your level of being targeted is, but the % of crooks with the skills is very low.

                                I am just a suburbanite in Ohio. Where I'm at I know the % of being a target is pretty low.

                                The rational side of me so gets that. I get into that paranoia state and eventually (after a long while of stability) get to the "just cause it's possible doesn't mean it's probable" state. Getting to the latter state sooner is my issue.

                                Side Note - The confidence, along with knowledge and experience, of the posters here in all aspects of IT, keeps me in awe (I mean that in a very good way).

                                • scottalanmiller @pmoncho

                                  @pmoncho said in Secure Meshcentral server on Vultr:

                                  I went the LTS route as I used Vultr's image and it's what I know at the moment. No other reason.

                                  What do you mean? You have to intentionally select one of the older versions on Vultr to not be up to date. The top choice is, and has been basically since release day, the current version. They always OFFER out of date versions for people who desire or require that, but they don't promote them in any way.

                                  Screenshot from 2019-03-07 10-05-44.png

                                  • scottalanmiller @pmoncho

                                    @pmoncho said in Secure Meshcentral server on Vultr:

                                    Little lost here. What is the "normal way?"

                                    Basically, I set up the Vultr FW because I wanted to make sure the MC server had a FW up front during the initial install and config. After setting up UFW on Ubuntu, I realized that I may no longer need it.

                                    Isn't Ubuntu's firewall on by default? Maybe not. But still, it doesn't make any difference if your services are not running.

                                    It's just extra work and complication to troubleshoot, IMHO.

                                    • JaredBusch @scottalanmiller

                                      @scottalanmiller said in Secure Meshcentral server on Vultr:

                                      Isn't Ubuntu's firewall on by default?

                                      UFW is not installed or enabled by default.

                                      But it just manages iptables, and that is active I believe, but minimally. SSH works without letting anything through prior to enabling UFW.

                                      • scottalanmiller @JaredBusch

                                        @JaredBusch said in Secure Meshcentral server on Vultr:

                                        UFW is not installed or enabled by default.

                                        But it just manages iptables, and that is active I believe, but minimally. SSH works without letting anything through prior to enabling UFW.

                                        Oh, that makes more sense. Firewall is on, firewall manager is absent.

                                        • pmoncho @scottalanmiller

                                          @scottalanmiller said in Secure Meshcentral server on Vultr:

                                          What do you mean? You have to intentionally select one of the older versions on Vultr to not be up to date. The top choice is, and has been basically since release day, the current version. They always OFFER out of date versions for people who desire or require that, but they don't promote them in any way.

                                          Screenshot from 2019-03-07 10-05-44.png

                                          I missed that. I was just "blinded" once I saw the 18.04. Habit apparently. Really have to stop that.

                                          As for the FW, I didn't know if it was on, off or otherwise so I just set it up. For this single instance, management is not a factor.

                                          @JaredBusch
                                          Thanks for the confirmation on the FW and SSH. Will take that knowledge forward.

                                          • scottalanmiller @pmoncho

                                            @pmoncho said in Secure Meshcentral server on Vultr:

                                            I missed that. I was just "blinded" once I saw the 18.04. Habit apparently. Really have to stop that.

                                            That's what I suspect happens throughout the Ubuntu ecosystem. Somehow they've managed to get "go old" as a habit and everyone just does it and never thinks about the ramifications or what a good default choice is and automatically goes to one that is less ideal.
