thirdBreakfast@lemmy.world 4 months ago
Yeah na, put your home services in Tailscale, and for your VPS services set up the firewall for HTTP, HTTPS and SSH only, no root login, use keys, and run fail2ban to make hacking your SSH expensive. You’re a much smaller target than you think - really it’s just bots knocking on your door and they don’t have a profit motive for a DDOS.
From your description, I’d have the website on a VPS, and Immich at home behind Tailscale. Job’s a goodun.
filister@lemmy.world 4 months ago
Just changing the SSH port to a non-standard port would greatly reduce the risk. Disable root login and password login, use VLANs and containers whenever possible, update your services regularly and you will be mostly fine.
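
An added example, not part of either comment above: a small Python check that reads sshd configuration text and reports where it departs from the SSH advice in this thread (no root login, keys instead of passwords, non-default port). The function names and both sample configs are constructed for illustration; the defaults are OpenSSH's, and the check assumes you feed it the resolved configuration (for instance the output of `sshd -T`), since it does not follow `Include` lines or evaluate `Match` blocks.

```python
# Added example: audit global sshd settings against the thread's advice.
# Sample configs below are constructed, not taken from a real host.
DEFAULTS = {"permitrootlogin": "prohibit-password",
            "passwordauthentication": "yes",
            "pubkeyauthentication": "yes"}

def effective_settings(config_text):
    """Resolve global settings: sshd keeps the first value seen per keyword."""
    seen, ports = {}, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)  # tolerate key=value
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().strip('"')
        if key == "match":
            break  # simplification: conditional Match blocks are not audited
        if key == "port":
            ports.append(value)  # Port may be given several times
        else:
            seen.setdefault(key, value)
    return {**DEFAULTS, **seen, "port": ports or ["22"]}

def audit(config_text):
    """Return {keyword: message} for each setting that departs from the advice."""
    s, findings = effective_settings(config_text), {}
    if s["permitrootlogin"].lower() != "no":
        findings["permitrootlogin"] = "root login allowed (%s)" % s["permitrootlogin"]
    if s["passwordauthentication"].lower() != "no":
        findings["passwordauthentication"] = "password login still enabled"
    if s["pubkeyauthentication"].lower() != "yes":
        findings["pubkeyauthentication"] = "key login is disabled"
    if "22" in s["port"]:
        findings["port"] = "listening on the default port 22"
    return findings

WEAK = """Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no
"""
HARDENED = """Port 2222
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
"""

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(text) or "no findings")
```

In the `WEAK` sample the later `PermitRootLogin no` has no effect because the earlier `yes` wins, which is why appending a hardened line to the end of an existing file is not enough.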