Inspired by this comment to try to learn what I’m missing.

  • Cloudflare proxy
  • Reverse Proxy
  • Fail2ban
  • Docker containers on their own networks

Another concern I have is does it need to be on a separate machine on a vlan from the rest of the network or is that too much?

  • hperrin
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    1
    ·
    22 hours ago

    One thing I do is instead of having an open SSH port, I have an OpenVPN server that I’ll connect to, then SSH to the host from within the network. Then, if someone hacks into the network, they still won’t have SSH access.

    • Chewy@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      21 hours ago

      I do the same, but with Wireguard instead of OpenVPN. The performance is much better in my experience and it sucks less battery life.