Hacker News
by epcoa 1095 days ago
> I run it in Docker at home and through a reverse proxy on a cheap VPS (don’t want to expose any ports at home)

What is the benefit of running the reverse proxy vs just opening the port? It would seem whatever attacks are viable on the directly opened port could just as well be carried out on the proxy port.

1 comments

If the attack is an application-layer (Plex) exploit, then yes, I'll still have a problem. But, having a reverse proxy which handles TLS handshakes does provide extra security against a lot of attacks. I trust nginx to be better hardened than the Plex server.

Also, all traffic is tunneled through wireguard and my home IP has no ports open. Since I'm behind CGNAT, my home is really hard to DDoS now. If I'm ever attacked, I'll just turn off the VPS.

Ultimately, I had the choice between paying €2/month for a fixed IPv4 at my ISP, or spending a little more (€5) on a Hetzner VPS that would also give me space for hosting some websites with a great uplink. So I went with the latter.

I will likely add CrowdSec soon which will give additional protection. To my knowledge, it's not available for Plex without a reverse proxy.

I've also contemplated using Cloudflare Zero Trust (Cloudflare Access) instead, and might yet switch to it - I just refrained from it for now because I read on Reddit that running Plex through that might be a ToS violation (streaming). I've to check the ToS and see if that's true. Also, I run a Minecraft server for my kids and their friends, which isn't compatible with Cloudflare ZT, so - I need the reverse proxy anyway.
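
An added illustration of the setup discussed in this thread (not the commenter's actual configuration): nginx on the VPS terminates TLS and forwards only requests for the expected hostname to the home server over the WireGuard tunnel. The hostname `plex.example.org`, the tunnel address `10.8.0.2` and the certificate paths are assumptions; 32400 is Plex's default port.

```nginx
# Constructed example for the VPS. Hostname, tunnel address and file paths
# are placeholders, not values from the thread.

# Catch-all: TLS handshakes that do not name the expected host (IP-range
# scans, wrong SNI) are rejected here and never reach the tunnel.
server {
    listen 443 ssl default_server;
    server_name _;
    ssl_reject_handshake on;          # available since nginx 1.19.4
}

# The only virtual host that is proxied to the home network.
server {
    listen 443 ssl;
    server_name plex.example.org;     # assumed hostname

    ssl_certificate     /etc/ssl/example/fullchain.pem;   # placeholder path
    ssl_certificate_key /etc/ssl/example/privkey.pem;     # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # 10.8.0.2 is the home server's address inside the WireGuard
        # tunnel (assumed). The home side dials out to the VPS, so no
        # inbound port is opened at home.
        proxy_pass http://10.8.0.2:32400;

        proxy_http_version 1.1;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket upgrade passthrough
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
```

As the reply itself says, this narrows what reaches the home network at the transport and TLS layers; a request that nginx accepts is still handed to Plex unchanged.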