Inspired by this comment to try to learn what I’m missing.

  • Cloudflare proxy
  • Reverse Proxy
  • Fail2ban
  • Docker containers on their own networks

Another concern I have is does it need to be on a separate machine on a vlan from the rest of the network or is that too much?

  • hperrin@lemmy.caEnglish
    61·
    23 hours ago

    One thing I do is instead of having an open SSH port, I have an OpenVPN server that I’ll connect to, then SSH to the host from within the network. Then, if someone hacks into the network, they still won’t have SSH access.

    • Chewy@discuss.tchncs.deEnglish
      2·
      22 hours ago

      I do the same, but with Wireguard instead of OpenVPN. The performance is much better in my experience and it sucks less battery life.