Expose Python web app via Nginx with Basic Auth
- Achieved with
proxy_passin Nginx config file.
If service exposed via a URI path, both
proxy_passshould end with a
/. There should also be additional regex locations to capture and redirect static files and other accesses that occurs under root path.
Additional configuration required for proxying websocket applications.
- (should be used with SSL at least)
Fail2Ban and Cloudflare
- To use Fail2Ban with Cloudflare, has to use to also ban IP on Cloudflare.
- Fail2Ban sees Cloudflare's IP (since it's a proxy service). Need to to expose real IP before basic auth, so that Fail2Ban and Cloudflare ban the correct IP source.