this post was submitted on 12 Jun 2023
499 points (100.0% liked)
Selfhosted
Thanks, I agree with you and have a similar approach. I'm mostly interested in learning best practices; I don't bother hosting juicy targets like Bitwarden. If an attacker really wants to put in the work to get the scanned manual for my 2009 Black & Decker toaster oven, I probably can't stop them.
For best practice, my personal recommendation would be to not have any service public-facing besides a VPN that requires MFA. Segment self-hosted services into separate VLANs based on how sensitive the content is. Disallow all traffic between VLANs unless required, and only allow based on port number and the specific resources needed. Don't forget to disable outgoing Internet access unless required. Devices like Chinese-made video cameras should never have an Internet connection.
My network looks something like: home VLAN, work VLAN, Netflix / Hulu streaming devices, CCTV, wireless work, wireless home, wireless guest, IoT, servers, network management. It would be way overkill for the vast majority of people, but I would be hypocritical not to, considering what I do, and I do have a different threat profile than most.
Another thought: self-hosted through a VPN with MFA and nothing public-facing is probably safer than cloud, as long as you have cold backups.
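
The default-deny layout recommended in the comment above, written as an nftables ruleset for a Linux router. This is an added example, not part of the original thread; the choice of nftables, the interface names, addresses and ports are all assumptions, and MFA is enforced by the VPN server itself, not by these rules.

```nft
#!/usr/sbin/nft -f
# Constructed example: every name, address and port below is an assumption.
flush ruleset

define WAN       = "eth0"
define VPN       = "vpn0"        # tunnel interface of the MFA-protected VPN
define VPN_PORT  = 51820         # UDP port the VPN server listens on
define V_HOME    = "eth1.10"
define V_SERVERS = "eth1.20"
define V_IOT     = "eth1.30"
define V_CCTV    = "eth1.40"
define MEDIA_SRV = 10.0.20.20    # self-hosted service on the servers VLAN
define RECORDER  = 10.0.20.10    # camera recorder on the servers VLAN

table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept
        # The VPN is the only service reachable from the Internet.
        iifname $WAN udp dport $VPN_PORT accept
        # Router management only from inside the VPN.
        iifname $VPN tcp dport 22 accept
        # DNS and DHCP served by the router to the internal VLANs.
        iifname { $V_HOME, $V_SERVERS, $V_IOT, $V_CCTV } udp dport { 53, 67 } accept
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop
        # Inter-VLAN traffic: one rule per required flow, pinned to host and port.
        iifname { $VPN, $V_HOME } oifname $V_SERVERS ip daddr $MEDIA_SRV tcp dport 443 accept
        iifname $V_CCTV oifname $V_SERVERS ip daddr $RECORDER tcp dport 554 accept
        # Outgoing Internet only for the VLANs that need it.
        # IoT and CCTV have no rule here, so they never reach the WAN.
        iifname { $V_HOME, $V_SERVERS } oifname $WAN accept
        # Everything else falls through to the drop policy; log a sample of it.
        limit rate 10/minute log prefix "fwd-drop: "
    }
}
# NAT (masquerade on $WAN) is omitted; add it in a separate nat table.
```

`nft -c -f <file>` parses the ruleset without loading it, which is a useful check before applying it on a router you reach remotely.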