So I’m using FreePBX on a droplet on digitalocean, the web interface/ssh everything is public facing becuase that’s how it’s default, so I’m wondering how to secure this. If this was on my home network, it would be behind my main firewall and LAN so it’s only exposed for the ports needed. I’m not that familiar how to deal with this with a cloud install. Do I turn on digitalocean’s firewall to limit ports? Make a SSH tunnel to access the web interface and block everything else?
I read to whitelist hosts for sip trunk and extensions? but my extensions are on dynamic IP and I have softphones on cellphones which don’t have a static IP. I can’t really find any info on securing the server as I don’t think this is right leaving everything open, regardless of the Firewall they have built in and fail2ban.
Any tips or suggestions?