Hello most excellent Selfhosted community,

I’m very new to this and am confused about how vulnerable my server and/or home network is with my current setup.

I just got a basic server up and running on a machine with Proxmox and a DAS for 10 TB of storage. I’ve got two LXCs running for a Docker-deployed arr stack and Jellyfin+Jellyseerr stack. The Proxmox server is connected to a router attached to a fiber ONT. Everything is accessed over the home LAN network and that’s it.

Everything is working correctly and my containers are all talking to each other correctly via IP addresses (gluetun network on the arr stack container). I’ve been reading up on reverse proxies and Tailscale to connect to the server from outside my LAN network, and it’s mostly gone over my head, but it did make me concerned about my network security.

Is my current setup secure, assuming strong passwords were used for everything? I think it is for my current uses - but I could use a sanity check, I’m tired. I’m open to any suggestions or advice.

I own a domain that I don’t use for anything, so it would be cool to get a reverse proxy working, but my attempts so far have failed and I learned I’m behind a double NAT (ONT and router) - and attempts to bypass that by setting the ONT into bridge mode have also failed. I don’t really need to access anything from outside my home network right now - but I would like to in the future.

  • StrawberryPigtails@lemmy.sdf.org
    4 days ago

    Depends on your threat model, but you’re probably fairly secure from remote unauthorized access right now.

    Given that I’m American, I would put the *arr stack behind a dedicated VPN container like gluetun and set Gluetun up using a “no logs” VPN.

    For remote access, Tailscale can probably get around that double NAT. If you have it on your devices as well as your server, you won’t necessarily need to expose anything publicly.

    If that’s not an option, you could set up an external VPS to run a reverse proxy (Caddy perhaps) and use the Tailscale connection to connect the VPS to your home server. There are fully self-hosted ways to do this (Headscale comes to mind), but Tailscale is how I personally would solve this.
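
A sketch of the VPS-plus-Tailscale layout described in the comment above, as an added example that is not part of the original thread or the commenter's own configuration. The hostnames and the 100.64.0.10 tailnet address are placeholders; 8096 and 5055 are the default Jellyfin and Jellyseerr ports and are assumed unchanged.

```caddyfile
# Caddyfile on the VPS (added example; all names and addresses are placeholders).
#
# Assumptions:
#   media.example.com / requests.example.com -> DNS records pointing at the VPS
#   100.64.0.10 -> the home server's Tailscale address
#                  (tailnet addresses come from 100.64.0.0/10)
#
# The VPS and the home server are both joined to the same tailnet. The home
# router forwards no ports, so the double NAT does not matter: the only path
# from the internet to the home server is VPS -> Tailscale -> service.

media.example.com {
	# Caddy obtains and renews the TLS certificate for this name on its own.
	header Strict-Transport-Security "max-age=31536000"

	# Jellyfin, reached over the tailnet rather than a public address.
	reverse_proxy 100.64.0.10:8096
}

requests.example.com {
	header Strict-Transport-Security "max-age=31536000"

	# Jellyseerr, same path.
	reverse_proxy 100.64.0.10:5055
}

# Deliberately absent: the arr stack and the Proxmox web UI. Anything without
# a site block here is not published by the VPS and stays reachable only from
# the LAN or from devices that are themselves on the tailnet.
```

With this layout, every service that has a site block is reachable by anyone on the internet and relies on that application's own login, so the list of site blocks is the exposure inventory to review.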