I currently have a server that I use for plex, torrents, kodi, smb, etc. Pretty much everything runs in docker. My router offers a dynamic dns service but I’d like to migrate away from it in case I ever get a different router.
The way it currently works, when I spin up a new service or docker container I go into the router and go to NAT Forwarding -> Virtual Servers and put in the external port and internal IP/Port. I don’t know of any other port forwarding settings on my router.
I’m concerned about the security of my setup because at present I don’t have SSL on any of my services. I also am concerned that this machine is pretty much directly exposed to the internet. What is the best way to migrate this to a more router-neutral config that’s more secure?
Do I use Traefik? Nginx Proxy Manager? Authentik? A different dynamic DNS? Cloudflare tunnels? Getting everything up and running with docker was a challenge when I started but I feel pretty comfortable with it now. This part with the networking and security is what I’m still struggling with. Appreciate your help
Do you really want all these services be publicly accessable? Because the more services are publicly accessable the bigfer your attack surface is.
First set up a reverse proxy, a vpn and a local dns like pihole. Only port forward the reverseproxy. And only allow public acess for the public services.
Setup local hostnames for the other services with the local dns.
Only give internal access to these services.
But with the vpn you can get these services from everywhere.