sftp@lemmy.world 7 points 1 year ago

I just use a wildcard domain that points to the local IP of my homelab. For example, *.myhomelab.com points to 192.168.1.111 (the local IP of my machine). Then, a reverse proxy routes my traffic. Here are some great vids about it: by Wolfgang, by Christian Lempa, and by TechnoTim.

To access my home network from outside, I use a WireGuard VPN. So, I have only one port open to the global web. I also use a random port, to dodge some bots. I use DDNS to access my VPN server, since I have a dynamic IP.

I know some people use Tailscale (it uses WireGuard under the hood), so check it out too.

Personally, I use the wgeasy container to work with WireGuard, but it's so easy to configure manually.

I'm not an expert in security or system administration. I'm just a regular software developer, and homelabbing is my hobby. However, I have a common-sense grasp of the security basics. I consider every open port a potential vulnerability that could be exploited by hackers. So fewer open ports -> fewer security risks. Also, using a VPN to access my home network adds an additional layer of security. Adding 2FA for each service is also a great idea.
