Does anyone here have their VitXi server open publicly?
Do Fail2Ban settings apply?
Does VitalPBX Geo firewall apply?
Any known security risks in having VitXi open publicly?
Thinking of hosting VitXi on a separate server and allowing from the PBX only necessary ports to the VitXi server, and the VitXi HTTPS port open publicly (maybe through Cloudflare if possible).
VitXi is a web application that uses WebRTC technology. Due to the security restrictions that browsers have, you must use a valid SSL certificate.
Regarding the ports, as you mentioned, you can enable only the default ports used by VitXi.
Also, if you want to block commonly used ports (80, 443, 8089, etc…), you can do it, but you must make the proper configurations for everything to work correctly.
Also, in the PBX Settings module, be sure to configure the domain/IP of the server where your VitalPBX will be.
In addition to the Fail2ban rules, you can enable the GeoFirewall module with which you can limit the countries that can access your VitalPBX.
Based on my testing, fail2ban does not apply to VitXi.
I tried logging in from a device not whitelisted in the firewall and attempted the wrong password on the VitXi sign-in page multiple times, and I can still access the system.
Please advise.
That is correct; currently, fail2ban does not apply to VitXi. In the next release we will limit login attempts to improve the security of the application.