I started to create my very own website. I originally had it on a Raspberry Pi 3B but upgraded to an OptiPlex 9020 USFF, 1TB SSD, 8GB DDR3 running Ubuntu Server LTS.

I’ve spent more time on the backend than actually designing my site because I’m worried about security. This website and server will only be accessible within my network. So I’d like to know if the ufw rules I set up are a good start.

ufw default deny incoming

ufw default allow outgoing

ufw allow from 192.168.1.0/24 to any port 22 proto tcp

ufw allow from 192.168.1.0/24 to any port 80,443 proto tcp
ufw limit 22/tcp

I’ve also installed fail2ban.

I’ve also managed to install Webmin, but I also want to install Cockpit, Grafana, Prometheus, Loki, and Promtail but I don’t want to overwhelm myself.

My OptiPlex sits beside my router while I SSH from my laptop and work on it. Any recommendations for securing my server or monitoring it would be very helpful, as ChatGPT is the only teacher I have had until I stumbled on this sub.
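An added example, not part of the original post: a small Python model of ufw's first-match rule evaluation, run over the rule set above, which shows that `ufw limit 22/tcp` is not scoped to 192.168.1.0/24 and so accepts (rate-limited) SSH from any source. The `ufw status` text is a constructed sample of what those rules are expected to produce (IPv6 rows omitted), the function names are hypothetical, and port ranges are not handled.

```python
import ipaddress
import re

# Constructed sample: expected `ufw status` rows after adding the post's
# rules in the order shown (not captured from the poster's machine).
UFW_STATUS = """\
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       192.168.1.0/24
80,443/tcp                 ALLOW       192.168.1.0/24
22/tcp                     LIMIT       Anywhere
"""

ROW = re.compile(r"^(\S+)/(tcp|udp)\s{2,}(ALLOW|LIMIT|DENY|REJECT)\s{2,}(\S+)\s*$")

def parse_rules(status_text):
    """Return [(ports, proto, action, source_network)] in listed order."""
    rules = []
    for line in status_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, separator or blank line
        ports, proto, action, src = m.groups()
        net = "0.0.0.0/0" if src == "Anywhere" else src
        rules.append(({int(p) for p in ports.split(",")}, proto, action,
                      ipaddress.ip_network(net)))
    return rules

def decide(rules, src_ip, port, proto="tcp", default="DENY"):
    """First matching rule wins; otherwise the default incoming policy applies."""
    addr = ipaddress.ip_address(src_ip)
    for ports, rule_proto, action, net in rules:
        if port in ports and proto == rule_proto and addr in net:
            return action
    return default

def unscoped(rules):
    """Rules that accept traffic from any source (LIMIT accepts, rate-limited)."""
    return [(sorted(p), a) for p, _, a, n in rules
            if n.prefixlen == 0 and a in ("ALLOW", "LIMIT")]

if __name__ == "__main__":
    rules = parse_rules(UFW_STATUS)
    for ip, port in [("192.168.1.50", 22), ("203.0.113.7", 22), ("203.0.113.7", 443)]:
        print(ip, port, decide(rules, ip, port))
    print("accepts any source:", unscoped(rules))
```

LAN hosts match the plain ALLOW first, so the rate limit never applies to them; to rate-limit SSH while keeping it LAN-only, the limit rule itself needs the `from 192.168.1.0/24` scope in place of the plain allow.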

  • Affectionate-Pickle0@alien.topB
    1 year ago

    This website and server will only be accessible within my network

    If this is the case then your security is already a done deal. No real need for ufw (though you could argue that it is a good thing to have either way). You have no need for fail2ban if it is an internal server; nobody can connect to it outside of your internal network, meaning you might only manage to ban yourself by accident.