I recently found out some basic security stuff I could implement to ensure that my VPSs are safer. I have tried to implement these but I have run into some problems. I do not know what my next steps should be.
Firstly, instead of handling my nginx configs manually, I set up nginx proxy manager. It has been working well for me so far. This doesn't have anything to do with the security stuff I found out about, but it did make my life easier as I had a more manual approach to using nginx in the past.
I pointed my domain's nameservers to Cloudflare so that the IP address for my VPS could be proxied. I did a DNS lookup and I could not see my server's IP anywhere. I ran tracepath in my terminal to my domain and I didn't see my IP there either, so I'm assuming this worked.
In terms of Docker, host ports are now prepended with 127.0.0.1 so that the containers are not directly accessible through the internet but instead have to go through my reverse proxy.
My thinking was that this would allow me to keep all ports closed except 22, 80 and 443. Now this looks to have worked for nginx proxy manager, as I can access it through the reverse proxy I set up. The problem now comes with any other containers I try to access in this way: I get a 502 error code from Cloudflare in the web.
I am not sure why I can only access nginx-proxy-manager but not any other containers when they are set up in the same way.
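An added example, not part of the original post: a small Python check that classifies Compose short-syntax `ports` entries by the host address they bind, which is the `127.0.0.1` prefix the post describes. The sample entries and function names are constructed for illustration, and the check assumes the Docker daemon's default bind address of 0.0.0.0.

```python
import ipaddress

# Constructed sample: short-syntax "ports" entries as written in a compose file.
SAMPLE_PORTS = [
    "127.0.0.1:8080:80",
    "8081:80",
    "0.0.0.0:8443:443/tcp",
    "[::1]:9000:9000",
    "3000",
    "127.0.0.1:5000-5010:5000-5010",
]

def split_mapping(entry):
    """Return (host_ip, host_port, container_port) for one short-syntax entry."""
    spec = entry.split("/", 1)[0]              # drop optional /tcp or /udp suffix
    host_ip = None
    if spec.startswith("["):                   # bracketed IPv6 host address
        addr, _, spec = spec[1:].partition("]")
        host_ip, spec = addr, spec.lstrip(":")
    parts = spec.split(":")
    if host_ip is None and len(parts) == 3:    # IP:HOST_PORT:CONTAINER_PORT
        host_ip, parts = parts[0], parts[1:]
    if len(parts) == 2:
        return host_ip, parts[0] or None, parts[1]
    if len(parts) == 1:                        # container port only
        return host_ip, None, parts[0]
    raise ValueError(f"unrecognised port mapping: {entry!r}")

def exposure(entry):
    """Classify which host interfaces a published port listens on."""
    host_ip, _, _ = split_mapping(entry)
    if host_ip is None:
        return "all-interfaces"                # assumed daemon default: 0.0.0.0
    addr = ipaddress.ip_address(host_ip)
    if addr.is_loopback:
        return "loopback-only"
    if addr.is_unspecified:
        return "all-interfaces"
    return "specific-interface"

def audit(entries):
    """Map each entry to its exposure class."""
    return {entry: exposure(entry) for entry in entries}

if __name__ == "__main__":
    for entry, result in audit(SAMPLE_PORTS).items():
        print(f"{entry:32} {result}")
```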