:

submitted a long while ago by @ to c/@

0 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[-] Fedegenerate@lemmynsfw.com 1 points 4 months ago

Just trying to keep outside/malicious actors from entering my stuff while also bring able to use my stuff. More safer is more better, but I'm trying to balance that against my poor technical ability.

My priority list is free>easy>usable>safe. Using UFW seemed to fit, but you're right, punching holes in it defeats the purpose Which is why I wanted to only allow local network and have only the necessary ports open. You have given me lots of terms to Google as a jumping off point so thank you.

[-] AtariDump@lemmy.world 8 points 4 months ago* (last edited 4 months ago)

VPN back into your network. Only open the VPN port on your router. Use certificates based VPN.

[-] Kushan@lemmy.world 3 points 4 months ago

The guy above you gives great advice. Set up SWAG, then the only ports you're exposing are 443.

Once you have that set up, look at adding something like authelia. This will give you 2FA on top of those apps meaning even if someone guesses the password and the URL to access them, they still won't be able to.

[-] dan@upvote.au 1 points 4 months ago

adding something like authelia.

I used to use Authelia, but Authentik is nicer since it's mostly configured through a web UI. It also supports SAML for services that don't support OpenID Connect. It also has a proxy mode like Authelia, but that's not recommended if the service has proper SSO support. There's just a bit of an initial learning curve.

[-] Kushan@lemmy.world 1 points 4 months ago

Yeah honestly either solution is a solid one

this post was submitted on 01 Jan 0001

0 points (NaN% liked)

0 readers

0 users here now

founded a long while ago