Hey guys,

after reading up on selfhosting for weeks now I finally decided to take the plunge today and tried setting up my own nextcloud & jellyfin instances. For this purpose I am using a mini PC. (similiar to an Intel NUC)

Now I would like to make both services available to the internet so I could show images to friends while I’m at their place / watch movies with them.

The problem is I am currently not very educated on which security measures I would have to take to ensure that my server / mini PC doesn’t immediately become an easy target for a hacker, especially considering that I would host private photos on the nextcloud.

After googling around I feel like I find a lot of conflicting information as well as write-ups that I don’t fully grasp with my limited knowledge so if you guys have any general advice or even places to learn about all these concepts I would be absolutely delighted!

Thank you guys sooo much in advance for any and all help, the c/selfhosted community has been nothing but a great resource for me so far!!!

  • Reborn2966@feddit.it
    link
    fedilink
    English
    arrow-up
    16
    ·
    edit-2
    1 year ago

    i have a lot of stuff exposed to the web. i got a domain from godaddy, attached my public ip and created a subdomain for each service. than i have traefik that manage the tls and route each subdomain to each of the docker containers.

    in total i have exposed 80, 443, and a random port i use for ssh. of course ssh is only by public key.

    now i’m trying to set up fail2ban on the exposed services since someone could bruteforce them.

    • Haui
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      That sounds pretty cool. So far, I have everything running behind vpn but a more integrated solution would totally make sense. A lot of apps have their own brute force throttling (such as nextcloud) btw.