Question
vpc gateway setup for webapp and multiple users
- Posted March 13, 2021
- DigitalOcean VPCUbuntu 20.04
hello, i’m responsible to take our on-premise web crm (sugarcrm) and put on the cloud, as more sales people are working remotely.
we’re very concerned about security, thats why we want to put it on a vpc, but are not sure the “logistics” of the users authentications.
they would be login in from their homes so they would have different and dynamic ips.
additionally we would like to have granular control on what they are accessing and have for example schedules (theu can access the vpc fr 8 to 5).
i envision some kind of web app gateway, where they login and there they get their privilages to access x,y, or z server.
but im not sure where to start.
the info i’ve found is just to forward the ports on the gateway droplet, but that doesn’t seem to make much sense on our scenario.
any ideas o help?
kind regards!
r. malla
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Spawn a Droplet and configure an opensource VPN solution. There are a lot of choices, but I would recommend OpenVPN or Pritunl.
Both have very stable clients and are easy to setup. Both offers per user/group access policies that allow you to configure privileges and restrictions. You can assign different groups different IP subnets and configure firewall rules to restrict access. An example is here: https://openvpn.net/community-resources/configuring-client-specific-rules-and-access-policies/
additionally, would like to have different privilage profiles, for example, the sales staff only to be able to access the crm server, the accounting staff only the erp server and the ceo to access all servers.