Comment on How much do you secure a home server that's only accessible with VPN?
CoreLabJoe@piefed.ca 1 week ago
Anything that I publicly expose, I have protected with multiple layers up and down my entire stack…
Comment on How much do you secure a home server that's only accessible with VPN?
CoreLabJoe@piefed.ca 1 week ago
Anything that I publicly expose, I have protected with multiple layers up and down my entire stack…
flint@lemmy.zip 6 days ago
This is such a nice overview. Thank you for sharing!
CoreLabJoe@piefed.ca 5 days ago
No worries, hope it helps, let me know if you have questions =)
flint@lemmy.zip 5 days ago
Actually, I was wondering:
I have used tailscale, and lately netbird, for remote access and it has worked well for Jellyfin streaming, ssh/rsync and accessing other WebUIs. All with non-default passwords of course.
However I have not set up any of the internal network hardening like OPNSense, VLANs or ReverseProxy. Is it safe to configure these remotely or am I risking locking myself out?
CoreLabJoe@piefed.ca 5 days ago
It can be done, just carefully. You can definitely accidentally block yourself out if you set a firewall rule up incorrectly, or in higher precedence of order for example. OPNsense (like almost every firewall known) processes rules in a “top down” order. So you put your blocks at the bottom!!!
Reverse proxy won’t lock you out, essentially that’s just slapping HTTPS on a webserver/service like Jellyfin, so you can access it without requiring a VPN.
Here’s a reverse proxy explainer, pt 2 is the actual setup!
lokalhorst@feddit.org 4 days ago
I access my home server with Jellyfin exclusively via Tailscale. Until now, I thought I was safe, as I haven’t opened anything to “the open internet”. After reading your very nice guide, I feel like I forgot a lot. Supposed I trust Tailscale, is that enough?