Ask HN: How do you secure your home server?
I am getting into self-hosting and it seems it takes an awful lot of work to secure your general-purpose Linux distribution.[0] I am surprised that the default seems to be to do all of this by hand.
How do you deploy a secure Linux home server? Are there distros that are pre-configured for this purpose? Do you use any Ansible playbooks (or other scripts)? Or do you indeed implement all security measures manually?
[0]: https://github.com/imthenachoman/How-To-Secure-A-Linux-Server
2 comments
[ 3.2 ms ] story [ 16.3 ms ] threadOnce I realized that its a few hours work for a server that's going to be online for years then the work doesn't seem so bad.
If I was making a routine out of setting up these kind of things all-the-time i'd consider some kind of scripted install, but that's not what i've found myself having to do.
I have a raspberry Pi which is dedicated to two jobs only: as a web server and as a UPS controller. My main machine covers ftp and ssh. The router forwards the relevant ports to the relevant server.
There are surprisingly few ports that need to be open between your network and the outside world: ssh, ftp, http, https is pretty much it. Every other port is blocked. This is mine:
When you organise the ufw firewall on the server don't forget to allow both IP version 4 addresses and IP version 6 addressesMake a note of what you've done, or bookmark the website URLs of the 'Howto Websites' if you use one of those.
You can use a site-checker to see what your firewall is doing: http://ports.my-addr.com/check-all-open-ports-online.php