
#1 2021-12-23 14:34:33

Lilitu-Blackstar
Member
Registered: 2021-12-23
Posts: 51

curious :: old phone for remote to server

I have a self made lan server that runs my streaming, mpd, lights, and is an nfs for my movies/games etc

i have an old phone that i stripped of google apps, and using just firefox to interact with a couple pages

if i do not offer dhcp to wireless devices, and firewall rules for apps are set by specific static IP address

curious what sort of concerns i should have running this style set up

or more importantly if nmap and some vulnerability scripts would be telling me all that i want to know.

my main concern is one of the web apps runs php, and is http only given the proxy is located on another machine elsewhere and inaccessible to the wifi devices

the application is rompr, which is an mpd web client that uses js, php and html/css, running in podman

so curious if making another nginx proxy container for the wifi only on its located machine so can apply https

given that the wifi devices only have access to one machine

or if there is a way to turn down the strength of the wifi so it does have a larger range than my bed say 60ft away would be possible

perhaps both, i just know my old mentor had it out for php for good reasons

Offline

#2 2021-12-23 18:13:05

Koatao
Member
Registered: 2018-08-30
Posts: 98

Re: curious :: old phone for remote to server

Hi,
So what's your question exactly?

You start talking about old phone and finished by telling us something about your mentor and PHP? Like where are you going with it?
We ain't in your head, and barely not using punctuation (for good reasons or not) isn't helping.

Not offering DHCP service isn't improving security. I think it even had the opposite effect on you as you believe it is, indeed, improving security. Thus providing a fake sense of security.

Again, we don't know «all that you want to know». How could we possibly tell you if nmap would be relevant in this case? I think nmap is useless if you lack the knowledge to understand the information provided by it. There is no tool able to tell you if your infrastructure is 100% secure.

Yes, use NGINX as a web reverse proxy if you want to encrypt your web traffic.

About WiFi? How should we know? BTW it is hard to crack a WPA2-PSK WiFi network. If the PSK is a 16 char long random string (including lower/upper case letters, numbers and special characters), it would take ages, even for government agencies to crack it.

So where does Archlinux come into play here? All of this sounds very generic to me.

Last edited by Koatao (2021-12-23 18:14:14)

Offline

#3 2021-12-23 18:18:07

Lilitu-Blackstar
Member
Registered: 2021-12-23
Posts: 51

Re: curious :: old phone for remote to server

my question was about php vulnerabilities when it has to run through http. i tried to give info i thought would be helpful so forgive that.

my concern is http php over wireless

curious if best solutions might be

an extra https proxy for that specific device
or lowering strength/range of wifi freq
perhaps even just best to attach it via eth cable ( just not a huge fan of a long cable for this device)


edited to answer above edit

its more about running two nginx proxies that i wonder if is an issue

have one on x.x.1.201 already which the wifi devices only may access x.x.1.219 so unsure if running another proxy on .219 for specifically that one device is the best option

Last edited by Lilitu-Blackstar (2021-12-23 18:20:22)

Offline

#4 2021-12-23 18:27:25

Lilitu-Blackstar
Member
Registered: 2021-12-23
Posts: 51

Re: curious :: old phone for remote to server

i think it is extra confusing for me because i have a pi400 that is my gateway via wifi, my dhcp server via dnsmasq, as well as my https proxy. this is used by the lan network yet the old laptop is the server that runs most content. so using linux-wifi-hotspot the connected devices are unable to share the already shared internet connection provided by the pi400's wifi. i am unable to ping any wifi connected via hotspot devices from outside of .219 server mentioned above. and to be honest this is actually ideal as it makes vaultwarden, pihole, and other admin tools inaccessible via that wifi. plus with firewall rules being ip specific on the 219 server, i find wifi connected devices being limited a perk especially for lan gaming friends that wish to connect via wifi.

does that help you? i had done my best to explain in OP that while leaving out info i thought was less relevant to my question so forgive me that

Offline

#5 2021-12-23 19:50:59

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 30,330
Website

Re: curious :: old phone for remote to server

Lilitu-Blackstar wrote:

my question was about php vulnerabilities when it has to run through http

Which vulnerabilities?  And if the issue is vulnerabilities in a server side script, why would the protocol used to send the resulting html over the "wire" matter?  If you are concerned about some undefined vulnerability in php, then http/https is completely irrelevant.

And if your question is about php and / or http vs https, why does the thread title only mention an old phone rather than these topics?

Last edited by Trilby (2021-12-23 19:52:44)


"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman

Offline

#6 2021-12-23 19:59:23

Lilitu-Blackstar
Member
Registered: 2021-12-23
Posts: 51

Re: curious :: old phone for remote to server

1 ... i don't know i just hear php has privilege escalation issues

2 ... the server was originally open to web so the proxy was relevant. i shut it down because my dedicated servers were underused, so now it's a lan server.

3 ...  i was doing my best to explain the whole situation.  win some lose some i guess


what i got was that the http/https situation won't affect the security of the connection in regards to issues php has. so if it's just a radio remote, and no sensitive data, i will assume it's the best it can be for this moment till i can pickup either a wifi hotspot proper, or a long cable to keep the phone connected via eth. so given my inability to form a sentence in OP and the info ya gave Trilby, i'll just mark solved n say thanks

Last edited by Lilitu-Blackstar (2021-12-23 20:22:39)

Offline
