snowsr's garden

Search

❯

Remote expose python web service with Nginx, BasicAuth, Cloudflare and Fail2Ban

Remote expose python web service with Nginx, BasicAuth, Cloudflare and Fail2Ban

Aug 07, 20241 min read

dev/nginx
dev/webserver

Expose Python Web App via Nginx with Basic Auth

Achieved with proxy_pass in Nginx config file.
If service exposed via a URI path, both location and proxy_pass should end with a /. There should also be additional regex locations to capture and redirect static files and other accesses that occurs under root path.

try_file / location block 1 try_file / location block 2

Additional configuration required for proxying websocket applications.

proxy_pass websocket

Basic web authentication (should be used with SSL at least)

Fail2Ban And Cloudflare

Basic Fail2Ban setup
To use Fail2Ban with Cloudflare, has to use Cloudflare plugin to also ban IP on Cloudflare.
Fail2Ban sees Cloudflare’s IP (since it’s a proxy service). Need to configure Nginx real_ip to expose real IP before basic auth, so that Fail2Ban and Cloudflare ban the correct IP source.

Cloudflare IP

Graph View

Expose Python Web App via Nginx with Basic Auth
Fail2Ban And Cloudflare

Backlinks

blog

GitHub
About

© Adrian (Junan) Zhao 2024-2024.Created with Obsidian and Quartz v4.2.3.