Hey guys,
Currently I'm just running Calibre and Nextcloud Docker containers over the web, with a DDNS from noip and a Cloudflare domain. But I also want to set up a Vaultwarden container too, so now I need to really consider the security of my server. What are the main things to watch out for? Calibre and Nextcloud are just using subdomains; is it okay to have a subdomain to connect to Vaultwarden? Am I better off just trusting Bitwarden and sticking with them?
Thanks!
I just use a wildcard domain that points to the local IP of my homelab. For example, *.myhomelab.com points to 192.168.1.111 (the local IP of my machine). Then, a reverse proxy routes my traffic. Here are some great vids about it: by Wolfgang, by Christian Lempa, and by TechnoTim
To access my home network from outside, I use WireGuard VPN. So, I have only one open port to the global web. I also use a random port, to dodge some bots. I use DDNS to access my VPN server, since I have a dynamic IP.
I know some people use Tailscale (it uses WireGuard under the hood) so check it out too.
Personally, I use the wgeasy container to work with WireGuard, but it's so easy to configure manually.
I'm not an expert in security or system administration. I'm just a regular software developer, and homelabbing is my hobby. However, I have a common-sense understanding of the security basics. I consider every open port as a potential vulnerability that could be exploited by hackers. So fewer open ports -> fewer security risks. Also, using a VPN to access my home network adds an additional layer of security. Adding 2FA for each service is also a great idea.
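As an added illustration of the "fewer open ports" point in the reply above (not part of the original post): a Python check that parses `ss -tuln` output and reports listeners reachable beyond loopback that are not on an expected list. The sample output, the port numbers and the expected set are constructed assumptions; what is reachable from the internet also depends on the router's port forwarding.

```python
import ipaddress

# Constructed sample of `ss -tuln` output (not from the original post).
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
udp   UNCONN 0      0            0.0.0.0:51234      0.0.0.0:*
tcp   LISTEN 0      4096       127.0.0.1:8080       0.0.0.0:*
tcp   LISTEN 0      4096         0.0.0.0:443        0.0.0.0:*
tcp   LISTEN 0      4096   192.168.1.111:8083       0.0.0.0:*
tcp   LISTEN 0      128             [::]:22            [::]:*
tcp   LISTEN 0      4096           [::1]:5432          [::]:*
"""

# Assumed policy: WireGuard on a random UDP port, reverse proxy on 443/tcp.
EXPECTED = {("udp", 51234), ("tcp", 443)}


def parse_listeners(ss_output):
    """Yield (proto, address, port) for each socket line of `ss -tuln`."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header or unrelated line
        addr, _, port = fields[4].rpartition(":")
        if not port.isdigit():
            continue  # not a numeric port, skip rather than guess
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets / zone id
        if addr == "*":
            addr = "::"  # ss prints "*" for a dual-stack wildcard bind
        yield fields[0], ipaddress.ip_address(addr), int(port)


def unexpected_listeners(ss_output, expected=EXPECTED):
    """Return non-loopback listeners that are not in the expected set."""
    findings = []
    for proto, addr, port in parse_listeners(ss_output):
        if addr.is_loopback:
            continue  # only reachable from the host itself
        if (proto, port) not in expected:
            findings.append((proto, str(addr), port))
    return findings


if __name__ == "__main__":
    for proto, addr, port in unexpected_listeners(SAMPLE_SS):
        print(f"unexpected listener: {proto} {addr}:{port}")
```

On a real host, replace `SAMPLE_SS` with the captured output of `ss -tuln` and set the expected list to match your own WireGuard and reverse proxy ports.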
Here is an alternative Piped link(s): https://piped.video/watch?v=qlcVx-k-02E
https://piped.video/watch?v=TBGOJA27m_0
https://piped.video/watch?v=liV3c9m_OX8
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source, check me out at GitHub.