this post was submitted on 17 Jul 2023
47 points (100.0% liked)

Selfhosted

39226 readers
605 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
47
Home Server Security (sh.itjust.works)
submitted 1 year ago by beppi@sh.itjust.works to c/selfhosted@lemmy.world
28 comments fedilink hide all child comments
 

Hey guys,

Currently im just running calibre and nextcloud docker containers over the web, with a ddns from noip and a cloudflare domain. But i also want to setup a vaultwarden container too, so now i need to really consider the security of my server. What are the main things to watch out for? Calibre and nextcloud are just using subdomains, is it okay to have a subdomain to connect to vaultwarden? Am i better off just trusting bitwarden and sticking with them?

Thanks!

you are viewing a single comment's thread
view the rest of the comments
[–] sftp@lemmy.world 7 points 1 year ago (1 children)

I just use wildcard domain that points to my local IP of my homelab. For example, *.myhomelab.com points to 192.168.1.111 (the local IP of my machine). Then, reverse proxy routes my traffic. Here are some great vids about it: by Wolfgang, by Christian Lempa, and by TechnoTim

To access my home network from outside, I use WireGuard VPN. So, I have the only one open port to the global web. I also use a random port, to dodge some bots. I use DDNS to access my VPN server, since I have a dynamic IP.

I know some people use Tailscale (it uses WireGuard under the hood) so check it out too.

Personally, I use wgeasy container to work with WireGuard, but it's so easy to be manually configured.

I'm not an expert in security or system administrating. I'm just a regular software developer, and homelabbing is my hobby. However, I have common sense of the security basics. I consider every open port as a potential vulnerability that could be exploited by hackers. So less open ports -> less security risks. Also, using VPN to access my home network adds additional layer of security. Adding 2FA for each service is also a great idea.

[–] PipedLinkBot@feddit.rocks 3 points 1 year ago

Here is an alternative Piped link(s): https://piped.video/watch?v=qlcVx-k-02E

https://piped.video/watch?v=TBGOJA27m_0

https://piped.video/watch?v=liV3c9m_OX8

Piped is a privacy-respecting open-source alternative frontend to YouTube.

I'm open-source, check me out at GitHub.