Hey all! For the longest time I’ve had a server that hosts some things (eg Syncthing), but is only available via SSH tunneling.
I’ve been thinking of self-hosting more things like Nextcloud and Vaultwarden. I can keep my SSH tunneling setup but it might make it difficult to do SSL.
How do you manage the security of having public-facing servers?
Isolate your programs, keep the critical stuff away from the public using tailscale or a VPN, hell, even an SSH tunnel could work in your case, make sure to keep different password for each software for your database. If possible virtualize each software to keep them from communicating to other softwares. This is how i manage my infrastructure (or should be, i haven’t gotten yet to use tailscale for admin only websites).