What can I do to make this more secure? - eviltoast

I’m just a novice at self hosting and I see a lot of talk about the risks of exposing stuff to the world. Here’s my setup:

- Rpi4 hosting Overseerr
- Desktop computer hosting Nginx and some Cloudflare DDNS update containers

Cloudflare directs request.domain.com to my home IP address. Nginx forces HTTPS and directs the request to the Pi.

Is there any risk in this setup or are there more steps I can take to secure it?

    • Shdwdrgn@mander.xyz · 1 year ago

      I assumed as much by your question, that’s why I mentioned it… 😄 Do some research, at least set up some basic rules to only allow the connections that you want accessing your public stuff. My first web server got hacked so badly in the first week of having it online that it couldn’t even be logged in to, so I had to start over from scratch.

      As a quick primer… a firewall basically denies everything, then you poke holes in it to allow specific things. A typical example from when I started was sharing folders between Windows machines – turns out anybody with an internet connection could ALSO see those and make changes to my files! Add a firewall and don’t allow the sharing ports, and now nobody can see them. The “block-all” feature also protects you in case you make mistakes in your setup such as running an SQL server and not controlling who has access to it.
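
An added example, not part of the comment above or anyone's post in this thread: a small audit that compares what a host is actually listening on against the holes you meant to open, which catches the accidental file-sharing or SQL exposure the comment describes. The sample `ss -tlnH` output is constructed, and the allowlist of 80/443 is an assumption based on the Nginx host in the original post.

```python
import ipaddress

# Constructed sample of `ss -tlnH` output for the Nginx host (not from the thread).
SAMPLE_SS = """\
LISTEN 0 511    0.0.0.0:80     0.0.0.0:*
LISTEN 0 511    0.0.0.0:443    0.0.0.0:*
LISTEN 0 50     0.0.0.0:445    0.0.0.0:*
LISTEN 0 80           *:3306         *:*
LISTEN 0 128  127.0.0.1:5432   0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128       [::]:22        [::]:*
LISTEN 0 128      [::1]:631       [::]:*
"""

ALLOWED_PORTS = {80, 443}  # assumption: the only holes meant to be open


def is_loopback(addr):
    """True if the listener is bound to a loopback address only."""
    addr = addr.split("%", 1)[0].strip("[]")  # drop %iface scope and IPv6 brackets
    if addr == "*":                            # wildcard: every interface
        return False
    return ipaddress.ip_address(addr).is_loopback


def unexpected_listeners(ss_output, allowed_ports):
    """Return (address, port) pairs bound beyond loopback and not allowlisted."""
    findings = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # Local address is the 4th column; the port follows the last colon.
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        if not is_loopback(addr) and int(port) not in allowed_ports:
            findings.add((addr, int(port)))
    return sorted(findings, key=lambda f: f[1])


if __name__ == "__main__":
    for addr, port in unexpected_listeners(SAMPLE_SS, ALLOWED_PORTS):
        print(f"not allowlisted: {addr}:{port}")
```

Anything this reports is a service that only a default-deny firewall is keeping off the network, so either bind it to loopback, stop it, or confirm the firewall has no rule allowing that port.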