|
|
|
|
|
|
by q0uaur
42 days ago
|
|
|
definitely don't expose any management interfaces to the open internet. personally, i manage my homelab through ssh via the commandline, and key-based ssh auth is secure enough for my threat model (i am considering switching the entrypoint machine to a BSD though, to avoid the kind of bugs distros sometimes introduce). but a webserver and a few containerized services seem pretty low risk to me, so i do have a few of them exposed via reverse proxy. The more sensitive one behind Authelia via the forward-auth pattern, which i feel like is a really good fit for homelabs. |
|
|