Hi, I know this topic has been talked about 70 thousand times but I’m still not sure.
I have home server on an intel NUC behind the ISP router. On it I have the standard arr apps, jellyfin, pi-hole etc etc. I would like to access them through a domain rather than an IP. So I set them up in docker, behind traefik, behind authelia and behind cloudflare. I am the only one that uses it.
Now, I’m worried about the security of it all. I’ve been searching here and there and I’ve read about cf tunnels, wireguard server, vps, vlan, OPNsense etc etc. I still don’t know what would be the most secure. Should I just stay with what I have?
EDIT: I’m not behind CGNAT
I would go with wireguard VPN or something like cloudflare tunnels or tailscale. With wireguard you’ll need to open up an external port and forward to your VPN host, but wireguard uses UDP so no one can probe it for responses. CF tunnels and tailscale you don’t have to open up holes in your firewall which is nice.
You also have the option of using a proxy and opening up 443 publicly on your firewall, but unless you know what you’re doing I’d leave that closed until you learn more.
Nah, that sounds complicated. Just open port 22 and forward it your server.
deleted by creator
Trueeeeeee. Then post your ip here so you can recall it later.
deleted by creator
127.0.0.1
There’s no place like it!
Hey thats where i download my ram
Thanks, doing that now ;) /s
Mmmmmm, tunnels sound boring haha I might try figuring out wireguard. Do you have any trusted guides on it? Or should I just google :P
Honestly it couldn’t be simpler. Look at wg-easy docker container. You’ll be up and running in 10 minutes.