Should I do the same if I want to expose an OpenAI compatible API to access an LLM to chat on local technical documents remotely?
Comment on How do I avoid becoming one with the botnet?
Wxfisch@lemmy.world 20 hours ago
Only expose services internally then use a secure VPN to access your services, this makes your network no more vulnerable in practice than not self hosting. If you need/want to expose something to the internet, make sure you setup your network right. Use a DMZ to separate that service and leverage something like CrowdSec along with good passwords, antivirus, and keep things patched.
corvus@lemmy.ml 19 hours ago
Wxfisch@lemmy.world 19 hours ago
It doesn’t usually matter what the service is, the basic concepts are the same. If you want to access a service you host on your internal network from another external network you either need to use a VPN to securely connect into your network, or expose the service directly. If you are exposing it directly you should put it (or a proxy like NPM) in your DMZ. The specifics of how to do this though will vary from service to service and with your specific network config.
BingBong@sh.itjust.works 19 hours ago
How do I check this? I route everything on my internal network only. But how should I make sure its not accessible remotely? I cannot just have these on an air gapped network.
Wxfisch@lemmy.world 19 hours ago
You can run a port scan against your public IP from another network to see what is open. But if you haven’t specifically set something up for external access through port forwarding you are probably fine.
slazer2au@lemmy.world 19 hours ago
Throw your IP into Shodan.io and see what it comes back with.