From d0ca93eaa220b42a1e909bf1f7faa764290f18c6 Mon Sep 17 00:00:00 2001 From: Christian Henke Date: Fri, 18 Aug 2023 11:17:41 +0200 Subject: [PATCH] add security group set up; fixes --- .../images/security-group-rules.png | Bin 0 -> 13621 bytes wiki/Tutorials/PublicWebServer/index.md | 51 +++++++++++++++--- 2 files changed, 43 insertions(+), 8 deletions(-) create mode 100644 wiki/Tutorials/PublicWebServer/images/security-group-rules.png diff --git a/wiki/Tutorials/PublicWebServer/images/security-group-rules.png b/wiki/Tutorials/PublicWebServer/images/security-group-rules.png new file mode 100644 index 0000000000000000000000000000000000000000..1b31451131244bbc76653a5145c9f9a0b5d8d806 GIT binary patch literal 13621 zcmb`Oby!ZAf?k)Igt500=AEr@E(=DIB$QtA{YfkDlhP$f-Wt#0@Pp{hsH9H~wxrI^+Jy``!Dd z(wMu@`+m%7+vlIm1J<6I@;y1Z`Wg1(+ZV1UD@bQg5LeYfi}|2miVhMCDXZX2kq6R0 zx_jrgQ&?E;wu|AR^`)hr~e!2DMF|e@8U(kd88d%Q)a&iA! zKR!ph{NqQPFqZ9~O56{l*ncg<_y2O%GdWB8Pi>gxD^!J@zoeR3pbTLNDCuW=kWr9_ zr;rkKgZ!|*p*UHd5kOo{`M2?dm`02@``!|S?pY`~&djuSli-(--f;lAd{-hmf7m5c z^dxZwuien&<)7w149Ap@*YYsl65>H2^y1NuXWW#OF{UAwJ<)P#BwzfM<yd?a_wkZPp24_i8BqXO6)ej0~_f7Y{ z-afxVXplF7V+o|F$g09k!E1AUWm$1B!6Gf~;GAViWt71OTDfU35KiqmlH)B?WE~bq z#%|EW%ITYFx(;igiTCe~s*bv|rmV=WUb z;ExVSD8Ax(X=FmWmzK^)W;|Uvl`|x`A z^W#XS!qo~HZoou~d9k~gDzwge=t*bSmoVBLxfCp{Us|d)Hueb3fFyEp-AzSGIB$7K^Ek1n^*y@%=dOMKS(gyIwQ@1LSb7}j zDlO}5q;s^4zzc~mLbl_iXWddv1bxhtmBsIwC+m+>ErG7YTRyq?j8&pn3WTH z_y((CKXg8p9d;GAqqXSQ+S8*tx>}9@QgFZUL*8>v^|uKbRASu5NARLzAkcI?$v@5a z5H0IF2mWOstQOy5b~KRUJf^tltXF+6smgS-jhcy}DB7a!gQSe2U!&nU<;>npBz(E$ zcZ1&7vib`Y=InizY4_)8(qM@9o7ZT}y6P~hzknsA=TOhlZD{5AlJW~IT{t~Mt%P^p z8v3{ywl>mm{5ky#HdDh+7$v?-v9s*u_%Z2P%^b;C(Su$1hFlz?3)Z`#Z7(K9z&xxy zZ`H3S7JE}zFT0B1Z)7*Si}k~nd~@ZkTY64GSkH(G&%li0R=+5}|HZ?m1ba!r(*p^k zt@ssMb~9>pbLQT6$CBA#ip^I}HWIYgP6 z>(0^j=;ZF~DdEX;erT2H=mWO(GyDorqtjXN6uTlyh4}dVoHUDCYXzIleQ@WXpk%se zwyC4+OvYTjLkQ9iGpPRlMw_zExI3ujz17HLNUH)1N20~S>+GXqK306A(2x(G=PwXT za{Zzd6&FOrezNFS&<~3XaOPwNfY+k`URapgdHjPK`+=bg6QNN*r?6=XbMuE6Z;)2M zX1~?8`pJbw&i+&c)x1>oGI`A}RG@vfWbA8BU*Ln0?{mIap#}DS!O+xY;prutOi45{ zU})vC8%d3N3CT2m_%7F>GI#z^x`bAI7SFl=KGw&%$tz4GE);6(ZHUUAPX=M8irO`>U*kdvytrQd?)`=!J9uT=+Wbb{tSpt} z*;8`zw`QBM3!NGQEN#~i+fVO+>WyaR+CFYaWVZ$G%F{ur003OrdvG3c<8ElEY`C0@ zAoKC4&k+y4F1xW;7w3T`mnlb17$o+F$f?tB0t?c^s6YvAOXaE*!3;GZkS)$UGAW+sqS5+=TfZeP zyv%sqC~h`N!CYNCgvr3AM4kLmOjjRCUbEIm+PPq^J6PYKJX5@zC9Q{^0ugvgq8qd4 zxpBk3Vf(36Ndf z*?ZKB{j{2SZ~13Ne>Zdv&YYufFkE*w4%#@gc#`kiKcHW0-l2=Y*InGi??Sx{L4cE8tD{7`JYrdjg;_R{OT#KyF)_Kjtnct-B z-Y++{V`_7y<-SH2_%_)#ygjsJ{}lr3eiEe5zXt*AuwR{v7vtc=|=5Cp$!d8u65fh|_OvVz=S* zXYNUuCIRV$bq&3L`3bpa;OcwHi_-0`7;nwc@x;V!((Ueb-&Z79SeFUWNQHK@uEnL{ z#E=deWG7RPy6ai*$#B=ewe1eUI_(ah{d`0_!ixYR*qD?5Jt&;iwKtTkN>-ucZFBlE z-^_%=iwZ$=P1m-4Nw@5|w2H`00@0^Uvw}ptyw%l&M4>@%zfz?r$~>Vn&ggXGuWhxN zI9WhMkR|PjBDYJba7kRr<}=9H5(-%-n)iZVuRVN5$4&sE648_ejxHy)pVP_lYBrh?BJR%=3^mHb_kyv1uGTm=X`?T_?r*3M8sVJhV!hoNF9BA+S52b`TjIh)sx7M9LVlMYF$)mMOmGvcO5R9* z6_eXRS!=jyavtPrMll+Te-IuUJ;uHGH5p?+UvcHsW$zh{OGIRFH8Lwc`g`1xR6M-~ zBEkU@_K)fCD8YRS@N8F5*yf{ebd~?BJk2YdlO>84C5ojPx~#r zh?yM;xIrp3god!u7Gi>f#oK@d-R}HUdscS|I76wZCH8XeNT^0-shJCjydW19bDOw= zI2dcW^^w%JBJ`(SI}GWwk1uVl&eM{fr2Wn*W9Cf(g`*yTMi~-|CEa;yr?Xgz*vUgK zs&q4()d^}Wbi$RE*G7GV1xtG_FX{*+R~0oK={0aS@)&G~AJLmd_3l5 z=0vzjtt9!%t-|fR9W=^B+9@OhN<6rYUo4(FYaO;GBtkjMnQN@$<4<$@+1W8!`ZpfY z)vhLA2OBSP%Qifm;@q2fV;so^T`Z>x=rOwJv_EfNdRJ$Y0Oozb2$o!9_+6p}kB+Yl zrcdwhNF7TsBoMb+vO5~|1<*XYk^p(TF~>AWqkV?C-`%X9%_r2NTIkQY3P~h~@oc)x z)o^1%q=DfD!EYugf-jzExU<3_M$N$m7MWzpJ0g8KeJ7`Z98D9qXUG-)Oiox8`*?5biv1Dh(>AU+pJfOaX3fOSx6Fa4moR4nW5ndUVpY>g5@FIKq@vI2Ut`hf*eIitN<0!!7x z_<*oWT|k{)5c3s{{Xv)cw8ix%$#+eegPBA^gXm_iJ!1#iZXn%AmQc3I6ifqUR`jqTgk1KUcE#+56h2>s2X=xp2+_c5}&2x&n ztB-ff>G!U&x!oapH|9{8A-ybk&gzfRU48P`DtmdG=0T1w^cCEc6my=Z24UAUudZP?wa-&RC2;v*JBlB$Xtf*os?m|fD}%OZ=}-A zjGe$@Z^%;9{lJSndRmrc@s=kDEtziiN7YP4BF#ubDK^jI&Gi~dP{XTVHPzT7!I?^LLefZr9$ZR!w&1m=DLig#=*Ri9 z1$aH5T76^-9S@Ido1OTiS56_a_+B>X>KH;FlJ>kuyFf`>bE=)7PQR7Mx>-kC3;%P> z{S{hgb}H_J{yC34l)A*6@Ye!smmJ^uHj@LPid|J#_9Hhpk!Pc$@>5?$i>{{uUvQe5 zs`M4xl-J&LxjuUEiGC950uuc2le{LOwML9jGa>P}H*R9_Q`OPT-79Aq;et}qkdW<$ z<2c>SkdPR!%fOaOMmN^>4B_6GZ)MD7)*?mP4Z{}{{YjFqp7$$h>Yy{0_8;JS^+9FB zaQ&EH{pu6{fFTDMW6a?-K7R7IQ?WU*8ljkC18q}ablbMK2bK{{l!xTY_-VxqP z)B3HIkeLS&#cUxTXN4N6gZZeHLO~47T9jN;)HgbkUzXoQ;2e|_&9 z=S8l(;8VNhvt!s6SwJqNM4;EC*SfyfkdrG%MEFXqf!)*J5mi`JlzE-t*F?9$GQ{*_ zczf!2=Hs__5BGO$t@6k`!3M4u?d#c)7Jmh?XGAN#2;X#{3p^#@2iq;UhO@=c5}1wf zrazLwQ7+cG=(N=N#nz zRGT+5_r#g*17po%x_Oy$a8RI#F9r&w6i1>0gsE2%e!*pY^&FzkS{;{Ty4vge_xjP&{3ik)Y^(SnL4+fc45nN~M*<3C;n4^Fj(E zI}P-r((AW5h_l(xr3d*LvB86>;}{=*BV&KQ#RO<2y7;dBVJG z!J)n=5iy*UUpk|*PRO-pB|sEY;nRKfy8#-nM;FV235^qZ_MM|3^H#i20@^K#Pi$vd z^9mXD`Ett9UKwr~-3=O3cnNH3lD3RrG2mG9+^QU^nACbCwED!Nk zC-f6jQiU3sEZBC?AE*B&-lyC4i%L8a_Rp=B5a=|^pS61wlTn4qMeT>~%;#$tsd!to z<4Q@`d(4%)%@twmUC^ML$eAPzO^;W5?i@zE!q-VxZrELD4rp)#xtG8` zM;Pk>OSPctG|Ce^Oi6Ji`>rX{HG%#5~6G|YL+8Ye3DDf6AxoAP2kI*! zzNH>;oBgiVW?6bhHQ&w+CBE%}>z{fr?VG?YN7sl=L8$cirguTjC6`hNp_X$Z^m7$o ziG`u`pp}XR|EK~~kEGqSPtsvtp9273U1T+YF5lcaF^5|k%>0#Z_cMB-0ktdn8+w^g zbgAG5Gz?=Gt8(bIPpsr0({G=w-u>z~L;!54P1aDogSot0HU(Pk1v9%>cp+)cx_TtMs$i_ zM`Dh!L9ptN@h1y5W(B?Fwj1L6kl~QEA9+w^47A&KbHg7bgXpH(KY!&`O}WoZ%+CXD z)i7mGb@dl^x%mCYx}5_lKiWxFz^YiNS|*!WY8(>6u8>)^T#hKZ2N6Ha!{?aRf1}{% z>9{o=UwtQT#S%Fju}B9xnn{hm^R|%?3+n-$924kQ-$3pTIHe_8yY*Xl@~)Dx#Wnfc zS&90K{!pjK`l19BWIqf|56GHWZT8b3bx})j!xvXJ?J2$xcjr%X(T=y;`+UxRN+ufs zFseoR6q7rFOFXHNN3+9J*LniDWB73uzT~bgCJ31Cp4CbEhT&_P{!Kx(27lgB9CNQ^s07f<1hf&x+jx^;^W1R&FYzl8UH z&bmJQ)A5hjgIDdI@7pA92C_%uU7`jc%sV zGYM;A$yE>jGl82?;Uav1f4Ga)LbJc=E+-Rt)8D`wmN)1+%63SXfWqD@c1Zu}Bg^Ql z#$S~5(a)UtemHaWTS`i9i&yXeZ@%>32H@YY%I2W?(HFRG|4|S`gf+G&9!#eVX_fjX z=*11~xpG<;Mpu2|T;TbBC%WFQ4u;aSwXgwPtOtad#p`%5uq+cqYdtYs*gci5A?Ygf z`YG>kMF@6ElF#x1`|XP+&9WXz*xi_4l==)Zm206$^JITq-?O#>W!HL4%>W8I;A8M( z2%YtHiBw`A{FK_38+a7j)NS6fZc@4P}J&JL)sJdS5SkeqQ^lZ6M^e1RxzvM8N>N(av68C!MF*F4nIN|O5*0d78gSSPnE4T1Xk?x|7S?Z;LR~&J+o{j-YsVj&q6P>=~bfT zmU{d26B3a)8JlC?adR3Z0y4cBuw}HeHT2Phgg}a?nP3if-H4&Gf!pu?fwt{h+JQ}3 zXD2vwA?zPO<4VSIf@FN-BkHsA$@)tJ!}GpcnEXIb?^PYD81LBwaKTg!2F)vm=%0^u z-Xl2MTeCs+oldnEz~KT2t@rtd$IpL0_ZyV=qT{+cJMEJM0JygMj=7w#L4}Yx+(z62 z+$vFha+J@&(6P5&*!jnP86PIzlXrG0F!Z0au^~%)lFx$QG8x=(!rM^?YD*zs=Rh-h zGeIP2T7Kq_{Dr`4zz(fV|CAJinLWCqT6)AgMI0$$$CUf-(sr!9lhZY5rlQHU`F(xS z+FVp{Uv_%By=;-t6M~jo#Z;Zl+%HAX3AX35c1G40xvP(oHC-2K(C-$S zt!rhxkny+I)T$Q|-OlT1^8y&(Ta;=|2?SHoUcwM_?!Ka!&P&Y-QiZV}}r*8zV;&7a4c&iMw zXyB}`n{5{=6^6S^MW_<0*{a9-;421>f8hiCjM z4MJ?@JC{+=@siA*SW$O`1?jO))9B6qoQlmrRiU%_!F;uUs(B_EC)^pF7Tx6Jyjiv7 z%*t)~?eb(Wr3Q|JR%_n?0#!)NRI1d}qU04*JDz-$7N0rdS{bRw3MxV->;1`J?dE~I z{>7Ee+&v+S;MWx}_JQZ{Z~NOS0T{8;&x+VabRhx2qRp&&O1VHHn_+{sT&Xb&lMlSO;6AQu_;Gm zmpoKQi${>jp&UWf=|lz>8z8o)fWE{JGEy8Dglx=)99D-q34$~=?YoNc!1JFv6g2LH zfpN(veRZO`7w^R-!Q^y#R3@*rH_?XbA%Z(kiS(|=mY+RLeCAP5eQ zT*r-a^A~^spR>p*9)eBoPK(Cl+zt(M8(^Fkn84wFE7SVZ!gJgcMN#CN#osa4!@;B6 z8e4Nx&4QiqZqZ_J+pd8&0+p)UaWQ}67}TBZ$Ooi%qrNo$Y^=2@zLi4Yo0;V!l<517 zAcN+O#?5;1?Hn_>BQk{CZDcr_NjM2%n!9!TE_$ z)!KhOHgPiEDE8cQVXMq-lT*c>fkAjjp~DQ`z_DeaGrn0C>F3U~gK_B7qd@w-R02kz zc9!PV8KG6EcXoD*T7_jOC+{_qCk{aM3?it*$0^o@GYzoazL=(x^DB8D6X)L2xSLOH zh8%>P#5k|--J4F$3H}NrFk6k>d^X9#`>8ZS7j6nMenJ^XxW@ac3F|=r?5NFJRq@Hm zUSh1QPl05hTSFW|@&R4Uo3n;sHx7ZMl=>RoDtb}%Swj zhm+i8mKN_AOcUZ6iVRR*A|eLFDugbrQxv(!604kTS+|EIAL4+W0I_}9iwb8GvB$%s zUUnq|m(9`cqn17))4zVj2)R@DA_}S_eb$bn;$^OgKZ8O;F0yaE^cah#tabjvhD>=G zt`31-%wd&1yll>1(O2}MVM0O1TZHBcDg-f@@oh&O84@#>%dWsW!E+Y|s0Hb@U)J$O zDDKb-&Vj@k4=|3UcvMCmz6eqp*tRDoyLO)q);nv4d zcfbZ}h6fD}whcW#8w3tc4XNwfzIe_z;@OO@$-%ifNOK|~0*R`k2?&A%LKUM9?B33f z-KQ}o77+Y8D|PQ{E{%A>fScDl4j;eWBGlA!2W&T<$;N-Up?oLgr!;WmY;JUypPia- zM9M(JnyZQY1ivv?jum;nMQ+wnd5fAJ0p}^+D1pJ$TGA8-gXB7w{27|2zV~MB6PNo~ z-p0xVRK~9TAx$P_3F?}}B1GR*_GcT|?DF`0oD4tSv^%9F+3(zvK^~h$SfKsk7^4-B z$=!HGSp!;#eMFii>pTy;xy8=Xl*hh&jp8o#*?zWRVn}=(6Dr>?6>30Bvk%M_iAS>( zd$Maw0)1BUT^lNA5*sT_qdAB}DY)pC_^#67hY9Jm4|fJVrCsxBO>l8xtxt zY(+eYjf{3(yqqSf@2jjF6Wo8?yKZXvG^Ekhg2GiFzv9z^xq*dt;$Er?1v$>yQZjFj zC=!!gSqp#rNlXg_>b~DxDKOMp8nm0^%;!%5*3rJe9L18{fMU-;ikHE}sQTo9I>i0z zrFvG!IGMum;+NaV+pj=$*YsxV#xYnEwnw6ca*ztG*U-KRKc<+Sk^fYV#mCGX1VL>N-{q zL%P2fCYM@CUEcj}M?lJNz|A!vO^}weA+jzeJ`RHx2@%}q0f{a}*IY-j55=N@;Bx|w zHx?nD`nFT&@h1Idl^R~$tEykHA1LEB=7!PBD;>yKHp|yK)s6-9x2HGOHc?GSb_);3 z#Rye19HABaDYPgk@H;NLY!wprXHgTMas%h^)^o?@BlHB>wTGf@WLMeDr-p_J_I!kV z<5U3NJUp8d5@R&f-+iCea6!^eqDgB0;Ry3hh)T#RO zM2B!M@lhZxY}h?w?rgM0q`$qiCzp%Mq49aP9;1?~*^lJ&7$-bRQ6y1Bmz>*hZGd6{ zlV1_8pS!aI!3kZ8^KNhZk|I7+cGq?~a+TO%N=8)aal)c@WL6A$FlFm(0ts2EU*XOo zvuwJ9aO=$?C7r)^jupm_Fs|cu-<1F71N=JRS2OThTT55q@Jj&vcCavhrl+r;@%< zbxi-ZT$coJKzW3axR7yiX#^}?+bM-X6hmuPRQsPo@wFU!p|_h z*>u2NjCE(y>wp}yIPZ0CZ~ zKZQ4~nr}Q9P>7%nhN#;<^*=L4Qi)vJ+s)$g^I2aQob*%iJeQcOjTQbDda3tzHmp=u zREeD=WQm5XCL<&SuhBYZzYVQoMpwYdmX${9{b2Eh(OlHKhh`UYSwd0f8&Hk_#m1F# zQ~Fx^d5jKON6A5z^QN$kn{e@XbNt12Ss;s2d_0Bt+>qK&!xypItK52kq$cH=2HXr7 z$!|6X;obzNiW)k9QO6I55l0qiO-2`{C)%e`;R2;ocAX_Y{{SwUlz7gpmV$m6qrL4P zZ>Ga(4qh;b`=NM=I~4FuOU9U3i;MSYrehd!y3zt&Cti@t5MFa4+c-}iu#uPXK#MHX zq>j`h?5d;mJa&DV54s6SR7!97gW$iTyJ4-kp9T3qrH0MOhQdda*}YSq_OSqb)MvHTc^9egVw)kM>4)D06+95E@6q%py3?ds}FEe;Xdt;}0wwE9@ z{kninR{J^GgrAE<&}F6Zr1uBY^;{`aev$K{Itl9!WM-54?0w3^xROB?2X5M5%~W3> zc`bZQ-G$l6tp|i2HC$3=ZsJD(S?4%)XTObY$uP#9SGYKbwA`gh*iw87hUSSIXkW0P zB5|U1ges3ca1OR;U+kHr{JN(pI$As^{TF{J05oc8W5BXn)qn?lg|iG^=?fdHmvk1P z(r=yNw~JT66NL}^d)xgkBC5d26q3OFC6)ljAQjIU7hwjsgzx&cJyfn&78LlO>v$N` zt!_*qoPWkeH5LMVeMIs|f|kuH1%%#15;x(_X-}`|*@a66`{7%ysE_lxr>B>yq|r=S zLV^f}rB`m@RB6av{^La1MwQ8D-Y5D)lNk(D!#ga_V%i3lyBNrPQ=9^bkzlNZzN z+VX^hyEUF|`Vh7jhWJ47k=8d{%R`p<#Cb^)L%gAzfzk)FB^|B}3B1DoFjGWRVc?T2 z6}8)WYFFjBrwZp>UkOofLi%#7c(~9pz=44^sji(e1LgxHpPaN0T<)FF}tRJd+D`UN{*^Hp~hN%#M@Y z6nyWpyV6fOq5*Km!@u#VhAD*6pg^_mFS5-pzx2*?yItU}0ZetZ%|DoDEUoYjn5!BUl|;?E3X5*srY*NmHo#Mtrlc&)^WU5VBZFh5sBM!RPHradfUF+77^Vbx((K z0QlX7nu0dNc;5{2<3AOe#djwSrA!@OVy+|`Y!tiJdcRW2Kh+ZJauk>bUQ#dAY1y&| z69ZP|V!>a9c%06(XaiQ|D3>$as6*0f5_EVBnHsh}u^}RQ==~HYnUWozU||iIZRO(X zrlhzmuvC!|@6hhD_s%{e@zh`2Fz=-^&QOxsZpZiK zPtF!v_Tl;~*W!)A1%U+9w3vHXAMfD&Kk(SUkeJH9_PP8|ID}z&g%Nq1lDJN4uW38S z=KX(>vE3G_ntze8^TnKjf0MC!u^k3Axv;{#&RJ55YF+*VOcj`miTs}}IzJ4#Z|Mzk z*r%fN*SN7|+uL?ObFLb@X|x6W?H{aDVr0@L`WJGLhr_6DR&E)L7K>uaA4o `Security Groups` +- Click on the button `+ Create Security Group` +- Name the new security group "public-web-server" and confirm the creation by clicking on `Create Security Group` + +Now the security group rules list should be visible. + +- Click on `+ Add Rule` +- Select "**HTTP**" as the `Rule` +- Enter "0.0.0.0/0" as the `CIDR` and click on `Add` + +- Click on `+ Add Rule` again +- This time select "**HTTPS**" as the `Rule` +- Enter "0.0.0.0/0" as the `CIDR` and click on `Add` + +The result should look like this: + +![](images/security-group-rules.png) + +Next, the security group needs to be added to the instance hosting your web server. + +- In the menu on the left go to `Instances` +- Find your instance and select `Edit Security Groups` from its `Actions` drop-down list +- Add your new security group "public-web-server" to the list of Instance Security Groups by clicking on the `+` next to it, then click `Save` + +The Caddy server should now be publicly reachable via HTTP on port `80` and serve its default web page. + ### Caddy - Configuration +This section will configure the Caddy server to set up TLS and to proxy requests to your backend service. + Requirements: - A domain name pointing to the public floating IP of your web server instance. -- A web server that you would like to make public (e.g. a Galaxy server) listening on `localhost` or `127.0.0.1`. +- A backend service that you would like to make public (e.g. a Galaxy server) listening on `localhost` or `127.0.0.1`. Replace the contents of `/etc/caddy/Caddyfile` on your instance with the snippet below. Replace `example.bi.denbi.de` with your own domain name and replace port `8080` with the port the -web server is listening on. +backend service is listening on. `/etc/caddy/Caddyfile` ``` @@ -65,17 +100,17 @@ example.bi.denbi.de { Reload the Caddy server: `sudo systemctl reload caddy` -Afterwards, you should be able to access your web server by simply entering the domain name (without any port). +Afterwards, you should be able to access your backend service by simply entering the domain name (without any port). Your browser should now indicate that the connection is secure, as seen below. ![](images/connection-secure.png) ## Authentication -It is strongly advised to make use of the authentication and user management features your web server provides. +It is strongly advised to **make use of the authentication and user management features** your backend service provides. In case the web server you make public does not offer any authentication methods, -access must be regulated by telling the Caddy server to ask visitors for their username and password. +**access must be regulated** by telling the Caddy server to ask visitors for their username and password. Users are managed inside the Caddy server configuration file. To create a new user, e.g. `alice`, generate a password hash using