52
submitted 1 year ago by cyberwolfie@lemmy.ml to c/homelab@lemmy.ml

I am still very much a novice in the self-hosting space, Linux etc. having fairly recently switched from using macOS as my daily driver and not tinkering much at all.

One of the things that often confuses me is networking and making sure my setup is secure. This is currently holding me back from hosting more stuff locally that I would require access to from outside my home, as I am afraid I am doing something that could severely compromise my data. It can sometimes be difficult to follow explanations from more advanced users due to the many different components of networking and security, and different layers of abstraction, which prevents me from following completely. I might understand one particular case, but then be unable to make connections to another one. So I would want to research this more intensively, and ideally I would end up being able to easily understand the data flows - the paths the data takes (e.g. I make a HTTPS request to some server from my laptop, how is that traffic routed correctly through my local area network and later the wide area network), in what forms (i.e. different protocols, encryption layers etc.).

In communities like this, I see there are a lot of very knowledgeable people who maybe could recommended any resources that cover this from the basics and onto more advanced stuff? Maybe a textbook from a university course on ICT that is considered particularly good? A YouTube channel with great explanations and visualizations? I am looking both at home LAN and internet in general. Enterprise level networks are not very interesting to me (at the moment).

you are viewing a single comment's thread
view the rest of the comments
[-] FuckyWucky@hexbear.net 2 points 1 year ago* (last edited 1 year ago)

I use wildcard tls certs and wildcard dns records for my domains. this ensures that no service can be easily accessed unless you have full domain name. For example If you have plex and deluge then you have to set dns records to plex.abc.xyz and dns.abc.xyz. This can be seen by anyone else trying to find vulnerabilities. But if you have wildcard certs/dns, all anyone can see from outside is *.abc.xyz, only the reverse proxy (eg nginx) knows the domain.

Don't forward any ports unless you have to. Don't run any service on 0.0.0.0 unless you have to. Incoming ports on the internet can be super dangerous.

A safe way to do self hosting is with WireGuard, just setup a wireguard container on the server then you can access all the services anywhere when connected from a client without exposing any tcp ports.

For connections why not try traceroute? mtr traceroute

To see things within a packet you can use WireShark.

this post was submitted on 06 Nov 2023
52 points (98.1% liked)

homelab

6653 readers
10 users here now

founded 4 years ago
MODERATORS