Comment on How do you facilitate remote access?
dr_robot@kbin.social 1 year ago
I expose my services to the web via my own VPS proxy :) I simply run only very few of them, use 2FA when supported, keep them up to date, run each service as rootless podman, and have a very verbose logcheck set up in case the container environment gets compromised, and allow only ports 80 and 443, and, very importantly, truly sensitive data (documents and such) is encrypted at rest so that even if my services are compromised that data remains secure.
For ssh, I have set up a separate raspberry pi as a wireguard server into my home network. Therefore, for any ssh management I first connect via this wireguard connection.
stark@qlemmy.com 1 year ago
I’ve been considering this setup. Are you using a VPN to connect the VPS and your home network?