this post was submitted on 07 Aug 2025
17 points (94.7% liked)

Self Hosted - Self-hosting your services.


I'm in the process of setting up homelab stuff and I've been doing some reading. It seems the consensus is to put everything behind a reverse proxy and use a VPN or Cloudflare tunnel.

I plan to use a VPN for accessing my internal network from outside and to protect less battle-tested FOSS software. But I feel like if I can't open a port to the internet to host a webserver then the internet is no longer a free place and we're cooked.

So my question is, can I expose a webserver, SSH, and WireGuard to the internet with reasonable safety? What precautions and common mistakes do I need to watch out for?

[–] sainth@lemmy.world 7 points 6 days ago (1 children)

You can. I recommend making sure you have logging in place so you know what's going on. This could include not just service logs but firewall logs as well. You might want to rate limit the connection attempts for SSH and WireGuard and consider Fail2Ban or something similar.

[–] chonkyninja@lemmy.world 5 points 6 days ago

Fail2ban is useless for a WireGuard endpoint. WireGuard never sends a response unless there’s a valid signed handshake request. It’s basically a black hole.