On my network, I have quite a few VLANS.

One for work, one for IoT devices, one for security cameras and home automation, one for Guests, etc.

I typically keep everything inward facing, with the only way to access them via my OpenVPN connection (which only can see specific services on specific VLANs).

Recently, I thought of hosting a little Lemmy instance, since I have a couple domains I’m not doing much with.

I know I can just expose that one system/NGINX proxy and the necessary ports via WAN, but is it best practice to put external facing things on their own VLANs?

I was thinking of just throwing it on my IoT VLAN, but if it were to be compromised, it would have access to other devices on that VLAN because (to my knowledge) you cannot prevent communication between clients within the same VLAN.

  • RxBrad@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    2 years ago

    Welp, I did it. One nice thing is that Cloudflare has an official WordPress plugin that applies recommended security settings.

    I will note that WordPress does not take kindly to being setup on http localhost, then put into a Cloudflare Tunnel. It goes into a redirect hell that I wasn’t able to figure out. You basically need to setup the tunnel, then run the WordPress install script from scratch.

    Exporting from http localhost to your URL on Cloudflare is also not fun. The import process fails at pulling in your photos. Luckily, my blog was mostly empty, so manually re-adding the media to the posts didn’t kill me.