• 0 Posts
  • 56 Comments
Joined 1 year ago
cake
Cake day: July 21st, 2023

help-circle


  • Lyricism6055@lemmy.worldtoSelfhosted@lemmy.worldHelp me harden my home server
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    1
    ·
    edit-2
    5 days ago

    I still use a reverse proxy, but to get into my network you need to be on VPN. It’s more secure for me I guess.

    I use traefik forward auth, even inside my network on VPN, for an extra layer of security for some apps.

    My opinion is that port 443 getting accidentally misconfigured by me is just too likely a scenario. With wireguard on my router I also am able to restrict traffic to ONLY my webserver and DNS servers for my devices.

    So I guess that’s another positive of wireguard, you can use your own DNS servers for all your phones all the time and always have ad blocking with pihole or something similar, even on mobile.

    By using VPN I don’t have to worry about accidentally exposing a website with a copy paste error or something over my reverse proxy. I can also easily restrict who has access to my VPN and do routing rules from my router per device or subnet (for people who aren’t in my family I have a separate subnet I assign with more strict firewall rules)















  • It’s awesome. The packages don’t matter because you use distro box if there’s not a flatpak that works already. I have an Ubuntu distro box for tools for things that don’t work on fedora.

    It uses ublueos for an immutable which is rock solid. Idk how to explain it well, but it’s the only distro I want anymore.

    If u do end up trying it and find a package that doesn’t work, ping me and I’ll get you a command you can run to do it