I have a self hosted server running yunohost that I use for a few services for my own use all of which require login to use so they’re safe enough.

However I’m increasingly uncomfortable with the fact that anyone can discover my home IP via my domain name. Especially if I decided to install something like Lemmy or Mastodon.

Yunohost installs dyndns as part of it’s setup but, aside from buying a fixed IP from a VPN provider that allows incoming connections I’m not sure what other options I have

I can’t change very much on the modem router either. I can forward ports but that’s about it.

I can add and manage new domains if necessary.

Any and all ideas welcome but, as you can guess from the fact I’m using yunohost, my networking knowledge is limited so please eli5 :)

  • naeap@sopuli.xyz
    link
    fedilink
    English
    arrow-up
    7
    ·
    1 year ago

    I’ve hidden everything behind Wireguard.
    externally my server doesn’t even have open ports. everyone who uses my services gets a Wireguard key.

    don’t know how many people you wanna service or if it’s just you - then Wireguard could be a viable solution

    • faultyaddress@lemmy.fmhy.ml
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      Same here, I’m too paranoid and checking access logs and attempts made me to stop keeping any other port open than wireguard.

    • otterpop@lemmy.fmhy.ml
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      How do you handle services that run on devices that can’t implement wireguard, like say a Roku or something? Just don’t allow?

      • naeap@sopuli.xyz
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        in my case Wireguard acts as access to my personal LAN, where all my services (in virtual containers or physical computers) are located. I’m just pointing to their address inside my LAN, which I can access through Wireguard.

    • dogmuffinsM
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      This is what I do.

      If all you have is a single open port listening for wireguard connections that’s a pretty small surface area to expose.

    • coffelov
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      But if I wanted to host a Lemmy instance I would need to open ports isn’t this the main issue of the post?