New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
VPS/Dedis for homelabs
ColonelPanic
Member
in General
I've a kimsufi dedi and am starting to configure this with cloudflare and letsencrypt to help keep it secure for my portainer/traefik home-away-from-home-lab. Is it a bad idea to have docker containers locked down with regular app logins, exposed to the universe on a subdomain and https?
Ultimately, if I'm p0wnd, there's nothing important hosted, that can be used to clear my bank accounts, but still... Anybody else doing this? Curious to hear people's perspectives and approaches.
Comments
Different people have different opinions likely. I use tailscale personally to help lock a VPS down (from the network side). Most services i'll limit to my tailscale network unless it absolutely needs universal access (in my case most don't). In Cloudflare you can then point a cname record to a tailnet DNS name and setup LE through caddy or traefik or nginx to use DNS challenges to update the cert and have those services only accessible on your tailnet.
I do the same as you, and i don't self host critical stuff like passwords. I think if you keep your software up-to-date it’s ok. I use cloudflare but even that I don't think it’s really necessary for my use case.