I put up a vps with nginx and the logs show dodgy requests within minutes, how do you guys deal with these?
Edit: Thanks for the tips everyone!
Cloudflare tunnel
Any service I have that is public facing is proxied through Cloudflare. I run a firewall on the host that only allows traffic from Cloudflare IPs. Those IPs are updated via a cron job that calls this script: https://github.com/Paul-Reed/cloudflare-ufw I also have a rule set up in Cloudflare that blocks traffic from other countries.
For WAF, I use modsecurity with nginx. It can be a little time consuming to set up and weed out false positives, but it works really well when you get it configured properly.
Some of my applications are set up with Cloudflare Access. I use this with Azure AD free tier and SAML, but it could be set up with self hosted solutions like authentik.
Don’t have vulnerable shit and ignore them.
Those are just weather.
I stopped messing with port forwarding and reverse proxies and fail2ban and all the other stuff a long time ago.
Everything is accessible for login only locally, and then I add Tailscale (alternative would be ZeroTier) on top of it. Boom, done. Everything is seamless, I don’t have any random connection attempts clogging up my logging, and I’ve massively reduced my risk surface. Sure I’m not immune; if the app communicates on the internet, it must be regularly patched, and that I do my best to keep up with.