• 0 Posts
  • 2 Comments
Joined 10 months ago
Cake day: November 27th, 2023
  • gringo_9210@alien.topBtoSelf-Hosted Main@selfhosted.forumSecure network for self hosting.English
    1·
    10 months ago

    The choice of router doesn’t do much as most if not all consumer-grade home routers these days have built-in firewalls enough to block most intrusions on network esp. without open ports. If self-hosting a website at home then make sure to secure the two opened web hosting ports (TCP ports 80/443) with UFW, Fail2Ban, or even Port Knocking on for ex. Linux. Don’t forward but limit access (locally) to SSH port. Encrypt your DNS (DoH, DoT, etc.) at home by running either AdGuard Home or Pi-hole.

    Also proxy DNS via Cloudflare & make sure to use full (strict) end-to-end SSL encryption (DNSSEC enabled). Use stronger security headers & SSL encryption parameters (minimum TLSv1.2, SSL ciphers, stapling & ECDH curve, etc.). Use a software firewall on your websites such as Wordfence, Sucuri, or BBQ Pro on Wordpress.

    Don’t overkill with your network setup. If you’re just gonna be running a website that serves primarily cached or preloaded static pages then it’s no use spending hundreds of dollars for it. Even a wireless Rasp. Pi Zero W is an overkill for such a setup.

  • gringo_9210@alien.topBtoSelf-Hosted Main@selfhosted.forumSelf hosting your website at home - my experience so farEnglish
    1·
    10 months ago

    The choice of router doesn’t do much as most if not all home routers these days have built-in firewalls enough to block most intrusions on network without open ports. If self-hosting a website at home then make sure to secure the two web hosting ports (TCP port 80/443) with UFW, Fail2Ban, or even Port Knocking on for ex. Linux. Don’t forward but limit access (locally) to SSH port. Encrypt your DNS (DoH, DoT, etc.) at home by running either AdGuard Home or Pi-hole.

    Proxy DNS via Cloudflare & make sure to use full (strict) end-to-end SSL encryption (DNSSEC enabled). Also, use stronger security headers & SSL encryption parameters (minimum TLSv1.2, SSL ciphers, stapling & ECDH curve, etc.). Use a software firewall on your websites such as Wordfence, Sucuri, or BBQ Pro on Wordpress.

    Don’t overkill with your network setup. If you’re just gonna be running a website that serves primarily cached & preloaded static pages then no use spending hundreds of dollars for it. Even a wireless Rasp. Pi Zero W is an overkill for such a setup.