this post was submitted on 21 Nov 2023
2 points (100.0% liked)

Self-Hosted Main

504 readers
1 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

For Example

We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.

Useful Lists

founded 1 year ago
MODERATORS
communick@selfhosted.forum
2
Securing my network (alien.top)
submitted 11 months ago by conrat4567@alien.top to c/main@selfhosted.forum
5 comments fedilink hide all child comments
 

Hi, I apologise if this isn't the right place to ask for advice or if I come across as stupid. I work in IT and have started to run my homelab. It's mainly local stuff like a NAS and media server but I do have a Home assistant instance running. I was always a hardware guy but with my role growing I felt I needed to learn about networking and how a network runs services on the Internet.

I own a domain and use NGINX to point to my HA box. Cloudflare points my domain to my local IP via plugin that watches for changes as I understand it. Currently Home assistant and NGINX are open on my router but I'm pretty sure I made them open only to the two static IPs running my services. Cloudflare seems to mask my local IP when pinging my domain but I'm sure there are ways around it.

I want to eventually run a Minecraft server and a few other bits as a hobby but I'm conscious of the security risk of opening up ports and exposing my servers to the Internet. Is there a way I can secure my network even more? Am I doing this wrong?

Again I apologise I'd this is the wrong place or I come off as stupid. While Networking and Hardware are my specialty at work, the buck stops at the router

top 5 comments
sorted by: hot top controversial new old
[–] Ariquitaun@alien.top 1 points 11 months ago (1 children)

Use vlans to create a dmz you can place a server only for public Internet facing stuff.

[–] conrat4567@alien.top 1 points 11 months ago

Thank you. VLANs seem to be the common consensus. Time to play around with my switches lol

[–] Still-Snow-3743@alien.top 1 points 11 months ago (1 children)

One thing nobody has mentioned here, I run all my services as a docker container. It makes them very easy to back up, and very easy to segregate. If a service gets compromised, in theory, it's isolated to what it can access inside the docker container and can't compromise the host. And if you delete and rebuild the container, any damage done in the container dies with it.

Running home assistant with docker is as simple as the command:

sudo docker run -d \

--name homeassistant \

--restart=unless-stopped \

-e TZ=America/Chicago \

-v $(pwd)/homeassistant:/config \

--network=host \

homeassistant/home-assistant

There is of course, more details to learn and the devils are in the details, but thankfully anything you want to know on how to set up your network in this regard you can just ask chatgpt.

[–] conrat4567@alien.top 1 points 11 months ago (1 children)

You can ask Chat GPT?

That I did not know lol. Thanks for this. My NGINX is running in a container as well as the Cloudlfare plugin but my HA has its own server. A bit overkill but its just to future proof as I plan on automating a lot and having a NUC dedicated to that seems sensible.

[–] Still-Snow-3743@alien.top 1 points 11 months ago

Oh dude, yeah ChatGPT knows Linux and docker better than I do and I've been doing this sort of thing professionally for 15 years, lol. Whatever you need as far as writing scripts, invoking containers, or generally asking it questions, you can just consider it an expert network administrator and it can write all your scripts and whathaveyou.

One of the best moments this year was when I realized I never had to figure out how to write an iptables command again lol