this post was submitted on 22 Oct 2023
1 points (100.0% liked)

Self-Hosted Main

502 readers
1 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

For Example

We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.

Useful Lists

founded 1 year ago
MODERATORS
[email protected]
1
Security Concerns: Exposing My Local RESTful API to the Internet via Cloudflare Tunnel – Is My Home Network at Risk? (alien.top)
submitted 11 months ago by [email protected] to c/[email protected]
17 comments fedilink hide all child comments
 

Hello guys, I'm have little to no experience when i have to deal with networking or cybersecurity.

I recently created a backend RESTful API on my Ubuntu VM on my personal desktop and dockerized the app, connecting it to a bridge network named 'tunnel.' I also have the Cloudflare Docker hosted in the same 'tunnel' network, which allows my local RESTful API Docker to be accessible via my domain and exposed to the internet.

Can anyone help me understand if this setup poses any security risks to my home network?

If so, what should I do to help reduce the risk? I have read that firewall helps, but does a restful api container developed with golang requires it?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 11 months ago (1 children)

Stick your services in a DMZ. It’s easy to setup with PFSense. Don’t allow traffic from your service to anywhere that it shouldn’t go. If your API contains any vulnerabilities, they could be abused to pivot into the internal network. Now, it’s not likely, but it’s certainly possible. Especially if those APIs are from someone open source project or something, if a vuln gets discovered it’s likely to be targeted en-mass.

[–] [email protected] 1 points 11 months ago

Ahhh, got it. I think implementing DMZs and having additional hardware to run my services seems to be the safest option. But yea, thanks alot!