Hey Guys, i´ve got a Question maybe somebody can give me a hint.
I´ve waited a long time for OMV 3.0 for a fresh Server install and configuration which i made a couple of days ago.
My Server have some Services running who need public reachable like CalDav, Cloud etc. [Made over DynDNS]
The End Result should be like this:
Openmediavault-WebGUI -> Only Reachable over private IP-Adresse Range 192.168.2.0/24, the Adress of the WebGUI should be 192.168.2.2
Wordpress -> Reachable over private and public IP Range
In my Router [FritzBox] i´ve created a Portforwarding for Port 80 to the Internal adress of my Server.
Nginx redirects all Request from Port 80 to the SSL Port 443 for all my Domains/Subdomains, OMV-WebGUI ist running only on Port 80.
So far all running like expected, but today i´ve found a security breach.
The OMV-WebGUI is still reachable from the public net, if i use my public ip-adress instead of the Servername.
No comes my Problem, i´ve can´t redirect the public ip to the https port, because it altert within 24 Hours.
So i´ve hacked a little bit and modified the nginx openmediavault-webgui.conf and add a restriction:
location / {
allow 192.168.2.0/24; # erlaubt ein Subnetz
deny all; # verbietet es allen (außer den erlaubten)
}
Now all works like a charm, with a bitter taste.
If the Server restarts, Openmediavault will overwrite my Hack
Have anybody some Ideas how i can prevent the OMV-WebGUI from public accessing ?
Changing the Port from the OMV-WebGUI is no alternative, because it will produce some other conflicts.
Greetings
Vertax