this post was submitted on 12 Apr 2025
61 points (98.4% liked)

Selfhosted

46197 readers
311 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
61
If Nothing is Exposed, Am I Safe? (lemmy.dbzer0.com)
submitted 1 week ago* (last edited 1 week ago) by No_Bark@lemmy.dbzer0.com to c/selfhosted@lemmy.world
16 comments fedilink hide all child comments
 

Hello most excellent Selfhosted community,

I'm very new to this and am confused about how vulnerable my server and/or home network is with my current setup.

I just got a basic server up and running on a machine with proxmox and a DAS for 10tb of storage. I've got two LXCs running for a docker deployed arr stack and jellyfin+jellyseer stack. The proxmox server is connected to a router attached to a fiber ONT. Everything is accessed over the home LAN network and that's it.

Everything is working correctly and my containers are all talking to each other correctly via ip addresses (gluetun network on the arr stack container). I've been reading up on reverse proxies and tailscale to connect to the server from outside my LAN network, and it's mostly gone over my head, but it did make me concerned about my network security.

Is my current set up secure, assuming strong passwords were used for everything? I think it is for my current uses - but I could use a sanity check, I'm tired. I'm open to any suggestions or advice.

I own a domain that I don't use for anything, so it would be cool to get reverse proxy working, but my attempts so far have failed and I learned I'm behind a double NAT (ONT and router) - and attempts to bypass that by setting the ONT into bridge mode have also failed. I don't really need to access anything from outside my home network right now - but I would like to in the future.

you are viewing a single comment's thread
view the rest of the comments
[–] Onomatopoeia@lemmy.cafe 3 points 1 week ago* (last edited 1 week ago)

The proxmox server is connected to a router attached to a fiber ONT.

If you want to be extra secure, there's no reason the server needs internet connectivity/exposure at all (it should be safe as-is). Put it on its own VLAN with only specified ports open to your home LAN. That would be one extra layer from the internet - if admin/remote ports can't be accessed via the internet connection LAN, then no way for an outsider to get into it (you'd have to provide other ways of accessing the server to admin it, either KVM, or a machine on that VLAN, etc).

You DO NOT need to do this, just adding an idea about how to make stuff more secure.