zlacker

[return to "A story on home server security"]
1. j_bum+mp[view] [source] 2025-01-05 16:41:16
>>todsac+(OP)
Ok - curious if anyone can provide some feedback for me on this.

I am running Immich on my home server and want to be able to access it remotely.

I’ve seen the options of using wireguard or using a reverse proxy (nginx) with Cloudflare CDN, on top of properly configured router firewalls, while also blocking most other countries. Lots of this understanding comes from a YouTube guide I watched [0].

From what I understand, people say reverse proxy/Cloudflare is faster for my use case, and if everything is configured correctly (which it seems like OP totally missed the mark on here), the threat of breaches into to my server should be minimal.

Am I misunderstanding the “minimal” nature of the risk when exposing the server via a reverse proxy/CDN? Should I just host a VPN instead even if it’s slower?

Obviously I don’t know much about this topic. So any help or pointing to resources would be greatly appreciated.

[0] https://youtu.be/Cs8yOmTJNYQ?si=Mwv8YlEf934Y3ZQk

◧◩
2. depaul+6q[view] [source] 2025-01-05 16:46:32
>>j_bum+mp
Piggybacking on your request, I would also like feedback. I also run some services on my home computer. The setup I'm currently using is a VPN (Wireguard) redirecting a UDP port from my router to my PC. Although I am a Software Engineer, I don't know much about networks/infra, so I chose what seemed to me the most conservative approach.
◧◩◪
3. bennyt+Zs[view] [source] 2025-01-05 17:09:32
>>depaul+6q
To both of you, wireguard is the way to go.

So, parent poster: yes, you are doing it right.

Grandparent: Use a VPN, close everything else.

◧◩◪◨
4. j_bum+lt[view] [source] 2025-01-05 17:12:28
>>bennyt+Zs
Thanks, Benny!
[go to top]