Setup internal websites - accessible only via VPN
I have a single Linode server with 2 websites running - one is public (production) & the other is internal (dev).
I don't want the dev one to be accessible to the public. I want it to be accessible only when connected to VPN. So I installed OpenVPNAS and did "no" configuration. I am sticking to the default config.
What I did now is, set the DNS record for the dev to point to the Linode's private IP so that it can be accessed only when I am connected to the VPN. The OpenVPN is installed on the same server.
Now my concern is - anyone who has a VPN setup in the same Linode data center might be able to access my internal website. How do I avoid this? I am zero to VPN config, so I would like some advice on it.
Thanks in advance.
1 Reply
I managed to fix it partially by changing the DNS for the dev to point to the VPN IP. So no one can connect without being on the VPN network.
Now I have another problem. I use RunCloud to configure nginx. Which means that if someone were to update their hosts file to point the dev domain to the public IP of the Linode, he would still be able to access the page. I changed the nginx config to serve only to the VPN's IP but it isn't working. This is the config:
server {
    listen 172.27.224.1:80;
    include /etc/nginx-rc/conf.d/mllm-staging.d/main.conf;

    # Redirect request to https
    if ($scheme = http) {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 172.27.224.1:443 ssl http2;
Is my config wrong?
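A layered version of the setup described above, as an added example that is not the poster's or RunCloud's configuration: the dev vhost binds only to the VPN-side address from the post and also restricts by source address, while a catch-all on the public sockets refuses unknown Host/SNI values. The name `dev.example.com`, the certificate and root paths, and the `172.27.224.0/20` client subnet are placeholders or assumptions.

```nginx
# Catch-all for the public side: any Host/SNI that is not an explicitly
# configured public site is refused instead of falling through to a real vhost.
# Only one default_server is allowed per listen socket, so drop the flag from
# any other block that already carries it.
server {
    listen 80 default_server;
    listen 443 ssl http2 default_server;
    server_name _;
    ssl_reject_handshake on;   # nginx 1.19.4+; no certificate needed here
    return 444;                # close the connection without a response
}

# Dev vhost: reachable only on the VPN-side address from the post.
server {
    listen 172.27.224.1:80;
    server_name dev.example.com;               # placeholder name
    return 301 https://$host$request_uri;
}

server {
    listen 172.27.224.1:443 ssl http2;
    server_name dev.example.com;               # placeholder name

    ssl_certificate     /etc/ssl/dev.example.com/fullchain.pem;   # placeholder
    ssl_certificate_key /etc/ssl/dev.example.com/privkey.pem;     # placeholder

    # Second layer: even if another listen directive exposes this block,
    # only VPN sources are served. Subnet is an assumption; use your own.
    allow 172.27.224.0/20;
    deny  all;

    root /var/www/dev;                         # placeholder
}
```

`nginx -T` prints the merged configuration, which shows whether an included file adds a wider `listen` directive to the dev block.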