Expose Python web app via Nginx with Basic Auth
- Achieved with
proxy_pass
in Nginx config file. If service exposed via a URI path, both
location
andproxy_pass
should end with a/
. There should also be additional regex locations to capture and redirect static files and other accesses that occurs under root path.try_file / location block 1
try_file / location block 2Additional configuration required for proxying websocket applications.
proxy_pass websocket
- Basic web authentication (should be used with SSL at least)
Fail2Ban and Cloudflare
- Basic Fail2Ban setup
- To use Fail2Ban with Cloudflare, has to use Cloudflare plugin to also ban IP on Cloudflare.
- Fail2Ban sees Cloudflare's IP (since it's a proxy service). Need to configure Nginx real_ip to expose real IP before basic auth, so that Fail2Ban and Cloudflare ban the correct IP source.
Cloudflare IP