Security

3min
Traffic Encryption
In order to encrypt traffic to Floating server, we need to add an encrypting proxy that will forward requests to the Floating server. Here is an example configuration for Nginx:
Shell
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    
    # Domain name this server will listen on
    server_name  example.com www.example.com;

    listen 443 ssl;

	# Path to certificate pair
    ssl_certificate /etc/nginx/tls/cert.pem;
    ssl_certificate_key /etc/nginx/tls/key.pem;
    
    # Set TLS protocols and ciphers
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;

    # Redirect non-https traffic to https
    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    }
    
    # Redirect to floating server,
    # make sure to set port to the one floating server is listening on
    location / {
    	proxy_set_header X-Real-IP $remote_addr;
      	proxy_set_header REMOTE_ADDR $remote_addr;
      	proxy_set_header Host $host;
      	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      	proxy_set_header X-Forwarded-Proto https
        
        proxy_pass http://127.0.0.1:8080;
    }
}
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    
    # Domain name this server will listen on
    server_name  example.com www.example.com;

    listen 443 ssl;

	# Path to certificate pair
    ssl_certificate /etc/nginx/tls/cert.pem;
    ssl_certificate_key /etc/nginx/tls/key.pem;
    
    # Set TLS protocols and ciphers
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;

    # Redirect non-https traffic to https
    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    }
    
    # Redirect to floating server,
    # make sure to set port to the one floating server is listening on
    location / {
    	proxy_set_header X-Real-IP $remote_addr;
      	proxy_set_header REMOTE_ADDR $remote_addr;
      	proxy_set_header Host $host;
      	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      	proxy_set_header X-Forwarded-Proto https
        
        proxy_pass http://127.0.0.1:8080;
    }
}
﻿
If you want a more in-depth guide on how to secure Floating server using Nginx and Certbot: Using Free Let’s Encrypt SSL/TLS Certificates with NGINX.
Floating Server Password
You can enhance the security of the Floating Server by setting up a login password for the web interface. This is done by adding a hashed password to the config.yaml file: 
YAML
# Password hash for website login (e.g. https://bcrypt-generator.com/)
websitePassword: $2y$10$lsiMFX54HFoPbceInt3ppe4JW7wGxuYyRJSVLDgGX5RVv4m39aTyG
# Password hash for website login (e.g. https://bcrypt-generator.com/)
websitePassword: $2y$10$lsiMFX54HFoPbceInt3ppe4JW7wGxuYyRJSVLDgGX5RVv4m39aTyG
﻿
You can also set the Floating Server password directly through the user interface. For more details, please refer to the Change Password﻿ section.
This ensures that users must provide the correct password to access the server's UI, adding an extra layer of protection. 
Redis Security
If you're using Redis, it's important to secure the Docker volumes and networks to ensure that your Redis instance isn't tampered with. This is crucial in environments where data persistence and node-locking rely on Redis. 
Updated 23 Sep 2024
Did this page help you?
Floating Features
Whitelabeling