this post was submitted on 10 Feb 2024
16 points (86.4% liked)

Selfhosted

40296 readers
185 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

I set up an *arr stack and made it work, and now I'm trying to make it safe - the objectivly correct order.

I installed uncomplicated firewall on the system to pretend to protect myself, and opened ports as and when I needed them.

So I'm in mind to fix my firewall rules and my question is this: Given there's a more sensible ufw rule set what is it, I have looked online I couldn't find any answers? Either "limit 8080", "limit 9696", "limit ..." etc. or "open". Or " allow 192.168.0.0/16" would I have to allow my docker's subnet as well?

To head off any "why didn't you ?" it's because I'm dumb. Cheers in advance.

you are viewing a single comment's thread
view the rest of the comments
[–] rambos@lemm.ee 5 points 9 months ago (1 children)

Im bit confused tbh. Have you even forwarded any ports on your ISP router?

You are safe if you havent. You can use all arrs at home safely and stick with gluetun to hide your trafic from ISP. Its good to have firewall, but only people on your home network can access your server. You have opened only ports that you need in UFW and thats perfect.

In case you want to access your services when not at home, you have to deal with security and feels like most comments are about this. If this is what you are looking for then I would suggest setting up wireguard VPN or look into tailscale (or alternatives). Both options are safe enough IMO, much safer than exposing ports 80 and 443

[–] Fedegenerate@lemmynsfw.com 1 points 9 months ago

That's a relief. Thank you.