ocean@lemmy.selfhostcat.com to Selfhosted@lemmy.worldEnglish · 8 days agoWhat steps do you take to secure your server and your selfhosted services?message-squaremessage-square51fedilinkarrow-up10arrow-down10file-text
arrow-up10arrow-down1message-squareWhat steps do you take to secure your server and your selfhosted services?ocean@lemmy.selfhostcat.com to Selfhosted@lemmy.worldEnglish · 8 days agomessage-square51fedilinkfile-text
Inspired by this comment to try to learn what I’m missing. Cloudflare proxy Reverse Proxy Fail2ban Docker containers on their own networks
minus-squarehperrin@lemmy.calinkfedilinkEnglisharrow-up0·7 days agoOne thing I do is instead of having an open SSH port, I have an OpenVPN server that I’ll connect to, then SSH to the host from within the network. Then, if someone hacks into the network, they still won’t have SSH access.
minus-squareChewy@discuss.tchncs.delinkfedilinkEnglisharrow-up0·edit-27 days agoI do the same, but with Wireguard instead of OpenVPN. The performance is much better in my experience and it sucks less battery life.
minus-squareocean@lemmy.selfhostcat.comOPlinkfedilinkEnglisharrow-up0·5 days agoI’ve been meaning to learn how to make my own
minus-squareChewy@discuss.tchncs.delinkfedilinkEnglisharrow-up0·4 days agoI found the guide/examples on their website a bit irritating at first (that’s on me) but it works well once understood and configured.
One thing I do is instead of having an open SSH port, I have an OpenVPN server that I’ll connect to, then SSH to the host from within the network. Then, if someone hacks into the network, they still won’t have SSH access.
I do the same, but with Wireguard instead of OpenVPN. The performance is much better in my experience and it sucks less battery life.
I’ve been meaning to learn how to make my own
I found the guide/examples on their website a bit irritating at first (that’s on me) but it works well once understood and configured.