
Protect unprotected websites with dhis2-tools-ng

Open kfeina opened this issue 3 years ago • 1 comments

Hello,

If I'm not wrong, some websites like /munin or /project-glowroot are visible to the public internet. This is not a big security issue but maybe someone could get valuable information about our systems.

To protect those web directories we could do it via htpasswd

For example:

```
mkdir /etc/apache2/htpasswd
htpasswd -c /etc/apache2/htpasswd/tomcat1-glowroot-htpasswd admin
```

or (if inside a script):

```
htpasswd -b -c /etc/apache2/htpasswd/tomcat1-glowroot-htpasswd admin testpassword
```

And inside /etc/apache2/upstream, for each project to protect:

```
<Location /tomcat1-glowroot>
    #Require all granted
    Require user admin
    AuthType Basic
    AuthName "Protected site"
    AuthUserFile /etc/apache2/htpasswd/tomcat1-glowroot-htpasswd
    ProxyPass "http://192.168.0.14:4000/tomcat1-glowroot"
    ProxyPassReverse "http://192.168.0.14:4000/tomcat1-glowroot"
</Location>
```

For Munin we could do something like:

```
htpasswd -c /etc/apache2/htpasswd/munin-htpasswd admin
```

And inside /etc/apache2/upstream:

```
<Location /munin>
    # Require all granted
    Require user admin
    AuthType Basic
    AuthName "Protected site"
    AuthUserFile /etc/apache2/htpasswd/munin-htpasswd
    ProxyPass "http://192.168.0.30/munin"
    ProxyPassReverse "http://192.168.0.30/munin"
</Location>
```

What do you think? Does it make sense?

Regards.

kfeina, Dec 20 '21 14:12
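An added example, not part of the original issue or of dhis2-tools-ng: a shell check that reads an Apache include such as /etc/apache2/upstream and reports which `<Location>` blocks still lack the Basic-auth directives proposed above. The function names and the sample config are constructed for illustration, and `/tomcat2-glowroot` is a hypothetical entry.

```shell
# audit_locations [FILE...]: print "PATH STATUS" per <Location> block.
# "protected" needs AuthType Basic, an AuthUserFile, an active
# "Require user"/"Require valid-user", and no active "Require all granted"
# (Apache 2.4 ORs sibling Require lines, so one open rule admits everyone).
audit_locations() {
    awk '
        { d = tolower($1) }
        d ~ /^#/ { next }                      # commented-out directive
        d == "<location" {
            path = $2; gsub(/[">]/, "", path)
            inblock = 1; basic = userfile = user = granted = 0
            next
        }
        !inblock { next }
        d == "authtype" && tolower($2) == "basic" { basic = 1 }
        d == "authuserfile" && NF >= 2 { userfile = 1 }
        d == "require" && tolower($2) == "all" && tolower($3) == "granted" { granted = 1 }
        d == "require" && tolower($2) ~ /^(user|valid-user)$/ { user = 1 }
        d == "</location>" {
            ok = basic && userfile && user && !granted
            print path, (ok ? "protected" : "UNPROTECTED")
            inblock = 0
        }
    ' "$@"
}

# Constructed sample of /etc/apache2/upstream. /tomcat2-glowroot is hypothetical.
sample_upstream() {
    cat <<'EOF'
<Location /tomcat1-glowroot>
    #Require all granted
    Require user admin
    AuthType Basic
    AuthUserFile /etc/apache2/htpasswd/tomcat1-glowroot-htpasswd
    ProxyPass "http://192.168.0.14:4000/tomcat1-glowroot"
</Location>
<Location /munin>
    Require all granted
    ProxyPass "http://192.168.0.30/munin"
</Location>
<Location /tomcat2-glowroot>
    Require all granted
    Require user admin
    AuthType Basic
    AuthUserFile /etc/apache2/htpasswd/tomcat2-glowroot-htpasswd
</Location>
EOF
}

sample_upstream | audit_locations
```

Run against the real include with `audit_locations /etc/apache2/upstream`; any `UNPROTECTED` line is a proxied path that is still reachable without credentials.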

Hello Kfeina, We are currently transitioning to the use of dhis2-server-tools, which are Ansible-based. These tools address the issues you are discussing, providing secure deployments.

tkipkurgat, Sep 01 '23 10:09