Comment on Feedback on Network Design and Proxmox VM Isolation
DeltaTangoLima@reddrefuge.com 10 months agoWhat would you do, for a basic homelab setup (Nextcloud, Jellyfin, Vaultwarden and such)?
I guess my first question is are you intending to open up any of these to be externally available? Once you understand the surface area of a potential attack, you can be a lot more specific about how you protect yourself.
I have just about everything blocked off for external access, and use an always-on Wireguard VPN to access them when I’m not home. That makes my surface area a lot smaller, and easier to protect.
Pete90@feddit.de 10 months ago
Only Nextcloud if externally available so far, maybe I’ll add Vaultwarden in the future.
I would like to use a VPN, but my family is not tech literate enough for this to work reliably.
I want to protect these public facing services by using an isolated Traefik instance in conjunction with Cloudflare and Crowdsec.