
#1 2017-08-12 09:51:02

graysky

openvpn over https ... nginx users please check my security

I followed this guide to set up openvpn to run sharing port 443 with nginx in an attempt to maximize my ability to use my VPN while connected to some restrictive wifi networks that seemingly block VPN connections.

I am not an nginx expert and wanted to get feedback from users who are as to the security suitability of the setup I am now using, as it requires port 443 to be forwarded, thus exposing it to the world. I have nginx-mainline installed and I created the config file needed, shown below. I can get nginx to display the default 'index.html' when I point a browser to http://MYDOMAIN.com and I can also get my openvpn client to connect, so the setup seems to be working. What I don't know is how secure/safe it is to run as I am:

1) I made /srv/http/null (owned by http:http with 755 permissions).
2) I created /etc/nginx/conf.d/openvpn-over-https.conf (shown below).

server {
	listen 4443 ssl default_server;
	ssl_certificate_key /etc/letsencrypt/live/MYDOMAIN.com/privkey.pem;
	ssl_certificate /etc/letsencrypt/live/MYDOMAIN.com/fullchain.pem;

	root /srv/http/null;
	index index.html index.html;

	server_name _;

	location / {
		# First attempt to serve request as file, then
		# as directory, then fall back to displaying a 404.
		try_files $uri $uri/ =404;
	}
}

  server_tokens off;
  add_header X-Frame-Options SAMEORIGIN;
  add_header X-Content-Type-Options nosniff;
  add_header X-XSS-Protection "1; mode=block";
  add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";

Suggestions are welcomed.

Last edited by graysky (2017-08-13 19:25:33)


CPU-optimized Linux-ck packages @ Repo-ck • AUR packages • Zsh and other configs
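An added example, not part of graysky's post or the guide it follows: a short Python check that parses the posted config and reports what the server block ends up with, applying nginx's rule that `add_header` lines from the enclosing level are inherited only when the current level declares none of its own. The parser is a simplification (no `include`, no nested-quote handling) and the four items checked are an assumed reviewer's checklist, not a complete audit.

```python
import re
# Config as posted (comments dropped); MYDOMAIN.com is the poster's placeholder.
POSTED = '''
server {
    listen 4443 ssl default_server;
    ssl_certificate_key /etc/letsencrypt/live/MYDOMAIN.com/privkey.pem;
    ssl_certificate /etc/letsencrypt/live/MYDOMAIN.com/fullchain.pem;
    root /srv/http/null;
    index index.html index.html;
    server_name _;
    location / { try_files $uri $uri/ =404; }
}
server_tokens off;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
'''
TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')

def parse(tokens):
    """Nest a token iterator into [(name, args, children_or_None), ...]."""
    items, words = [], []
    for tok in tokens:
        if tok in (';', '{'):
            kids = parse(tokens) if tok == '{' else None
            items.append((words[0], words[1:], kids))
            words = []
        elif tok == '}':
            break
        else:
            words.append(tok.strip('"'))
    return items

def audit(text):
    """Report, per server block, the settings it ends up with after inheritance."""
    top = parse(iter(TOKEN.findall(re.sub(r'#.*', '', text))))
    own = lambda items, name: [a for n, a, _ in items if n == name]
    # The server's own directives win; otherwise the enclosing level's apply.
    eff = lambda kids, name: own(kids, name) or own(top, name)
    return [{
        # add_header: outer-level headers apply only if this level declares none.
        'headers': sorted(h[0] for h in eff(kids, 'add_header')),
        'ssl_protocols_set': bool(eff(kids, 'ssl_protocols')),
        'server_tokens_off': eff(kids, 'server_tokens')[:1] == [['off']],
        # A bare port (or *:port) binds every interface, not just loopback.
        'wildcard_listen': any(a[0].isdigit() or a[0].startswith('*:')
                               for a in own(kids, 'listen')),
    } for n, _, kids in top if n == 'server']
```

Run against the posted file, `audit(POSTED)` shows all four headers reaching the server block, no explicit `ssl_protocols`, and a listener on every interface; adding a single `add_header` inside `server { }` would silently replace the four outer ones.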
