this post was submitted on 18 Oct 2023
1 points (100.0% liked)

Self-Hosted Main

515 readers
1 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

For Example

We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.

Useful Lists

founded 1 year ago
MODERATORS
 

Heya, I feel pretty dumb to not know much about this. I've been searching endlessly for hours, but couldn't personally find anything that answers my question, so I decided to ask you guys who actually know how these things work.

So, I have setup a Fedora Server to my old unused MacBook. It's connected to a modem via ethernet cable, and I use it to run Docker containers like FileBrowser, Yacht, Plex, Git server, etc.

The server does have internet access. But I'm wondering how much do I really need to secure my server? To my knowledge, the server shouldn't be accessible outside from my network, but I'm not really sure(?). How would I make sure that the server isn't accessible from outside my network?

I'm certain that no one will be able to connect to my network/wifi, so I wouldn't stress about people gaining access to my server if they would only be able to access to it from my local network, but I'm unsure if my server is available outside of my LAN.

I would appreciate any help!

top 5 comments
sorted by: hot top controversial new old
[–] Eirikr70@alien.top 1 points 1 year ago

There must be a way to open ports on your modem (that is NAT forwarding). If no port is open, there is no way to gain access to your server. If a port is open, then there might be a way for an intruder to get into your network. The reality is a bit more complex (man in the middle, ...) but it would make sense only if your data is of value or if someone means you harm.

[–] numblock699@alien.top 1 points 1 year ago (1 children)

Make sure upnp is not enabled on your modem/router. Scan your public IP from the outside, or use shields up to see if anything is exposed.

[–] divinecomedian3@alien.top 1 points 1 year ago

UPnP got me some lovely ransomware once. Never again.

[–] Patient-Tech@alien.top 1 points 1 year ago

If you didn’t specifically open ports on your router, you’re starting off pretty well. Now software on the Fedora box could be reaching out to the internet opening ports, possibly misconfigured, but that’s a much smaller attack surface.

[–] azukaar@alien.top 1 points 1 year ago

Keep in mind that no being accessible from the internet does not mean it is safe as your local network is ALSO a very hostile environment with modern technologies (especially your PCs, smartphones , smart TV, and so on). Make sure you use HTTPS, proper authentication and so on to protect your server