Floating Server
Best Practices
Security
3 min
traffic encryption in order to encrypt traffic to floating server, we need to add an encrypting proxy that will forward requests to the floating server here is an example configuration for nginx server { listen 80 default server; listen \[ ] 80 default server; \# domain name this server will listen on server name example com www example com; listen 443 ssl; 	\# path to certificate pair ssl certificate /etc/nginx/tls/cert pem; ssl certificate key /etc/nginx/tls/key pem; \# set tls protocols and ciphers ssl protocols tlsv1 tlsv1 1 tlsv1 2; ssl ciphers high !anull !md5; \# redirect non https traffic to https if ($scheme != "https") { return 301 https //$host$request uri; } \# redirect to floating server, \# make sure to set port to the one floating server is listening on location / { proxy set header x real ip $remote addr; proxy set header remote addr $remote addr; proxy set header host $host; proxy set header x forwarded for $proxy add x forwarded for; proxy set header x forwarded proto https proxy pass http //127 0 0 1 8080; } } if you want a more in depth guide on how to secure floating server using nginx and certbot using free let’s encrypt ssl/tls certificates with nginx floating server password you can enhance the security of the floating server by setting up a login password for the web interface this is done by adding a hashed password to the config yaml file \# password hash for website login (e g https //bcrypt generator com/) websitepassword $2y$10$lsimfx54hfopbceint3ppe4jw7wgxuyyrjsvldggx5rvv4m39atyg you can also set the floating server password directly through the user interface for more details, please refer to the change password docid\ pmcs jye70thll9opv fi section this ensures that users must provide the correct password to access the server's ui, adding an extra layer of protection redis security if you're using redis, it's important to secure the docker volumes and networks to ensure that your redis instance isn't tampered with this is crucial in environments where data persistence and node locking rely on redis