# Security ### Traffic Encryption In order to encrypt traffic to Floating server, we need to add an encrypting proxy that will forward requests to the Floating server. Here is an example configuration for Nginx: {% code title="nginx.conf" %} ```shell server { listen 80 default_server; listen [::]:80 default_server; # Domain name this server will listen on server_name example.com www.example.com; listen 443 ssl; # Path to certificate pair ssl_certificate /etc/nginx/tls/cert.pem; ssl_certificate_key /etc/nginx/tls/key.pem; # Set TLS protocols and ciphers ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; # Redirect non-https traffic to https if ($scheme != "https") { return 301 https://$host$request_uri; } # Redirect to floating server, # make sure to set port to the one floating server is listening on location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header REMOTE_ADDR $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https proxy_pass http://127.0.0.1:8080; } } ``` {% endcode %} If you want a more in-depth guide on how to secure Floating server using Nginx and Certbot: [**Using Free Let’s Encrypt SSL/TLS Certificates with NGINX**](https://www.nginx.com/blog/using-free-ssltls-certificates-from-lets-encrypt-with-nginx/). ### Floating Server Password You can enhance the security of the Floating Server by setting up a login password for the web interface. This is done by adding a hashed password to the `config.yaml` file: {% code title="config.yaml" %} ```yaml # Password hash for website login (e.g. https://bcrypt-generator.com/) websitePassword: $2y$10$lsiMFX54HFoPbceInt3ppe4JW7wGxuYyRJSVLDgGX5RVv4m39aTyG ``` {% endcode %} You can also set the Floating Server password directly through the user interface. For more details, please refer to the [**Change Password**](broken://pages/9a55733533f86e179eb4b78cd84b03f1f99c58f2) section. This ensures that users must provide the correct password to access the server's UI, adding an extra layer of protection. {% hint style="warning" %} Redis Security: If you're using Redis, secure the Docker volumes and networks to ensure that your Redis instance isn't tampered with. This is crucial in environments where data persistence and node-locking rely on Redis. {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.licensespring.com/floating-server/floating-server-v1/best-practices/security.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.