Cloudflare is just so nice. Handles ssl for all your sites automatically.
First off, don't expose anything that doesn't need exposed. If your the only one using it you could use a VPN or ssh.
Second off, make sure you isolate everything with firewalls. Your reverse proxy should only have access to each service and each service should only have access to the reverse proxy. You should also block non essential ports.
For the services themselves, make sure you use strong passwords and keep them updated. For docker you can use watchtower to automatically pull and deploy software.
I want to have the same setup as you! Do you have any guides on how you did it?
My router supported OpenVPN out of the box so I just use that and have remote connections disabled in all of my software
I'm curious what the other, more advanced users here have to tell me about it because I'm still new to the self hosted stuff and that was the first thing I thought of to do
Wireguard is just much faster connection-wise. Built into the kernel too. Since it came out I haven’t gone back to openvpn.
Nothing wrong with openvpn otherwise. More config options.
Something like Tailscale makes wireguard setup dead easy.
Twingate has been my go to. It’s amazing. Highly recommended.
Looks very similar to tailscale, thanks :)
My advice: only forward ports 8080 and 443, then make sure that you have fail2ban or crossed properly set up on your reverse proxy. After that, you are pretty much fine as long as you keep on top of updating your containers.
I would be careful about which apps you proxy. Idk why you need to access the admin portal for pi hole worldwide. If you really want to do that, you should set up a vpn.
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
Resources:
Any issues on the community? Report it using the report flag.
Questions? DM the mods!