Any guides on how to host at home? I’m always afraid that opening ports in my home router means taking the heavy risk of being hacked. Does using something like CloudFlare help? I am a complete beginner.

Edit: Thanks for all the great response! They are very helpful.

  • Invalid@kbin.social
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    Cloudflare yes. Even if you aren’t using tunnels it will help obfuscate your real ip. If you are hosting personal services you can also block access from countries you don’t expect to access them from.

    Also it seems most bots scanning domains are checking www and the base domain url. I recommend pointing those at a vps or something like GitHub or substack if you don’t need it for something else.

    Use a reverse proxy that 404s anything besides the subdomains you are actually using. Always use wildcard certs to avoid exposing subdomains and obfuscate your subdomains for common services to make them hard to guess.

    Isolate your servers from the rest of your network with vlans if possible.

    You will never be fully immune so all you can do is add more layers and roadblocks.

  • x4740N@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    One way to think of being secure is “how can this be abused”

    Its a good way to think of how you can secure stuff

  • jadedctrl@sopuli.xyz
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    1 year ago

    From what I understand, opening a port isn’t a risk in and of itself — it’s only a risk if the software using the port is insecure! So long as you use reliable software and take care to configure things properly (following through with instructions from a site like ArchWiki or the official documentation helps), you’re good.

    CloudFlare is more for DDOS protection, which you almost certainly don’t need . You could always set up DDOS protection later on, if the need ever arises.

  • dustojnikhummer@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 year ago

    The most secure one would be not opening anything out, and using Tailscale to VPN into your home network.

    If you want to open stuff, Cloudflare + letsEncrypt + good router/firewall will be a start.

  • zebus@kbin.social
    link
    fedilink
    arrow-up
    0
    ·
    1 year ago

    Tailscale, super easy install, sets up a VPN into your services, no port opening needed