• 0 Posts
  • 30 Comments
Joined 1 year ago
cake
Cake day: July 21st, 2023

help-circle


  • Lyricism6055@lemmy.worldtoSelfhosted@lemmy.worldHelp me harden my home server
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    1
    ·
    edit-2
    1 month ago

    I still use a reverse proxy, but to get into my network you need to be on VPN. It’s more secure for me I guess.

    I use traefik forward auth, even inside my network on VPN, for an extra layer of security for some apps.

    My opinion is that port 443 getting accidentally misconfigured by me is just too likely a scenario. With wireguard on my router I also am able to restrict traffic to ONLY my webserver and DNS servers for my devices.

    So I guess that’s another positive of wireguard, you can use your own DNS servers for all your phones all the time and always have ad blocking with pihole or something similar, even on mobile.

    By using VPN I don’t have to worry about accidentally exposing a website with a copy paste error or something over my reverse proxy. I can also easily restrict who has access to my VPN and do routing rules from my router per device or subnet (for people who aren’t in my family I have a separate subnet I assign with more strict firewall rules)