Comment on How safe is self-hosting a public website behind Cloudflare?
linearchaos@lemmy.world 5 months agoYou need to have a rather capable router / firewall combo.
You could pick up a ubiquity USG. Or set up something with an isp router and a PF sense firewall.
You need to have separate networks in your house. And the ability to set firewall rules between the networks.
The network that contains the hosting box needs to have absolutely no access to anything else in your house except it’s route out to the internet. Don’t have it go to your router for DHCP set it up statically. Don’t have it go to your router for DNS, choose an external source.
The firewall rules for that network are allow outbound internet with return traffic, allow SSH and maybe VNC from your home network, then deny all.
The idea is that you assume the box is capable of getting infected. So you just make sure that the box can live safely in your network even if it is compromised.
Gooey0210@sh.itjust.works 5 months ago
(I just noticed i replied to your another comment, but still to you 😬)
Now i’m a little bit confused, what does it do then?
If the box doesn’t have access to anything on the network, how would it do anything?
linearchaos@lemmy.world 5 months ago
The box you’re hosting on only needs internet access to connect the tunnel. Cloudflare terminates that SSL connection right in a piece of software on your web server.
Gooey0210@sh.itjust.works 5 months ago
I mean, what does it host if the only thing it has access to is the internet?