faurmic's picture

Hi,

 

Using TurnkeyLinux Wordpress 16.0 in Virtualbox 6.1 to run a web application on my local network at the office.

 

I'd like to get access from anywhere to:

  • the Wordpress application,
  • Webmin, and
  • Adminer.

 

How can I achieve that in a safe way ? remote SSH ? We'll only be 2 users.

  1. other user, from his home, running Win10 only needs to access Wordpress as a website.
  2. me, the 3 aforementionned (Wordpress, Webmin, Adminer). From home running Ubuntu.

 

Did a search on turnkeylinux.org: "remote access wordpress" but couldn't find any topic except for databases.

 

May someone give me a hand with that? Thanks

 

Regards,

 

Michael

 

 

Forum: 
Jeremy Davis's picture

The easy way would be to just make it public. That would probably require some sort of configuration in your router and/or firewall such as port forwarding (aka "NAT passthrough"), etc. The details of that will depend on how your network is configured.

So long as you use good passwords i.e. more characters the better, different types of characters (uppercase, lowercase, numbers, punctuation characters, etc) and avoidance of dictionary words (stringing multiple dictionary words together is fine, especially if they aren't interrelated) and you keep WordPress itself up to date; then there should be no security risk.

If you'd rather not go that way and/or you can't publicly publish your WordPress then you'll need to investigate other options. A relatively simple thing to do would be to do some "security through obscurity" by using non-standard ports for these services (the Webmin and Adminer ports are already non-standard by general standards, although are obviously widely advertised as default TurnKey ports. Note that this doesn't really provide any real security from anyone who is seriously poking around, or a targetted attack (will only avoid the more common attackers that are just looking for low hanging fruit).

Possibly the best way to keep everything private would be to use a VPN. That can allow you to access the LAN remotely as if you were local. We have a couple of VPN appliances which might suit your purposes here? The downside of that is that it will allow full access to the internal network, not just the WordPress appliance, although that may not be an issue in this case.

There are also other ways. Such as using SSH (or spiped) and then mapping a connection from the remote server to a local socket. I've only ever set that up when using Linux on both ends, but I reckon it'd be possible with Windows these days too (although I have no idea how you'd go about that...). So to access port 443 (i.e. default https) on a remote server which you have SSH access to, first log into the TurnKey server and enable TCP forwarding. You'll then need to restart SSH.:

# on your local computer
ssh root@REMOTE_IP_ADDRESS
# once connected to the remote server
sed -i "s|^AllowTcpForwarding.*|AllowTcpForwarding yes|"
systemctl restart ssh
exit

Now reconnect noting the local and remote ports you wish to connect. I.e. to view the remote port 443 via local port 8443, this will do the trick:

ssh -L 8443:localhost:443 root@REMOTE_IP_ADDRESS

Then to connect, open your web browser and in the address bar type "https://localhost:8443" and you should be connected to your remote server. Note that whilst mostly it should work fine, some weird behaviour may occur under some circumstance because of the domain mismatch. You may be able to work around that by adding a local hosts entry (to point the configured domain to localhost).

Note that you can do further SSH hardening too, to reduce the risk that allowing public SSH access creates. E.g. using a key pair to authenticate and disabling password login, etc.

I hope that gets you going in the right direction. If you want any further feedback or elaboration, please ask. Also please post back when you have it configured to your liking so others may get some insight.

faurmic's picture

Thanks a lot for your thorough answer. Much appreciated !

Will try the options you've provided and get back with conclusion.

 

Regards,

 

Michael

Jeremy Davis's picture

You're welcome and good luck! :)

Add new comment