Question
vpc gateway setup for webapp and multiple users
- Posted on March 13, 2021
- DigitalOcean VPCUbuntu 20.04
Asked by ricardomalla
hello, i’m responsible to take our on-premise web crm (sugarcrm) and put on the cloud, as more sales people are working remotely.
we’re very concerned about security, thats why we want to put it on a vpc, but are not sure the “logistics” of the users authentications.
they would be login in from their homes so they would have different and dynamic ips.
additionally we would like to have granular control on what they are accessing and have for example schedules (theu can access the vpc fr 8 to 5).
i envision some kind of web app gateway, where they login and there they get their privilages to access x,y, or z server.
but im not sure where to start.
the info i’ve found is just to forward the ports on the gateway droplet, but that doesn’t seem to make much sense on our scenario.
any ideas o help?
kind regards!
r. malla
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Want to learn more? Join the DigitalOcean Community!
Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.
Spawn a Droplet and configure an opensource VPN solution. There are a lot of choices, but I would recommend OpenVPN or Pritunl.
Both have very stable clients and are easy to setup. Both offers per user/group access policies that allow you to configure privileges and restrictions. You can assign different groups different IP subnets and configure firewall rules to restrict access. An example is here: https://openvpn.net/community-resources/configuring-client-specific-rules-and-access-policies/
additionally, would like to have different privilage profiles, for example, the sales staff only to be able to access the crm server, the accounting staff only the erp server and the ceo to access all servers.