Comment on How much do you secure a home server that's only accessible with VPN?
i_stole_ur_taco@lemmy.ca 1 week ago
I use pangolin and traefik together and expose a few of my services that way. But not everything.
I slot services into categories based on:
- do I really need to be able to access this externally?
- …with full admin rights?
- what write/delete access am I granting?
- if an attacker got in, how much damage could they do with what they could access?
Then the service is either not externally open at all, secured behind pangolin SSO, or secured behind pangolin SSO AND that service’s native auth. Which is an annoying double auth, but I feel like it’s another layer of protection in case one of them gets a 0-day exploit.