this post was submitted on 29 Nov 2023
2 points (100.0% liked)

Self-Hosted Main

502 readers
1 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

For Example

We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.

Useful Lists

founded 1 year ago
MODERATORS
[email protected]
2
How to confirm home server security (alien.top)
submitted 9 months ago by [email protected] to c/[email protected]
8 comments fedilink hide all child comments
 

Is there a way to confirm that my home server's security is sufficient for most common attacks?

Externally, I only have the ports 80, 443 (Nginx-Proxy-Manager) and 51829 (Wireguard VPN) enabled on the router.

I have a Rpi4 and a mini PC connected to the router via ethernet cable. And I am using NPM for reverse proxy. Also enabled SSL for local DNS so I don't have to keep typing the IP addresses for each server.

All my apps are docker containers and they all use network_mode: bridge.

And finally, I have only two services open to internet. The media server and the Wireguard VPN. Got the free DuckDNS domains and configured in the NPM.

I haven't done any specific firewalls. Just using default Debian 12 settings and default Docker engine settings.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 9 months ago (1 children)

Audit-ssh and testssl.

Audit ssh shows all the algorithm in use and setting and shows then colored format like red bad and so on…

Same with testssl, which tls supported ? Https redirect ? What cipher suites etc … again all color coded.

Both available via homebrew for Mac.

If you use Mozilla recommended for ssh and ssl you should be fine

[–] [email protected] 1 points 9 months ago

Frankly these are useless. SSH is secure by default and will never support algorithms that could be possibly broken. Same for TLS 1.3