Hey guys,

I finally come around and started the journey of self-hosting and decided to get a VPS. After securing it, by making login via public-key default, I installed CasaOS and instantly regretted it since it now can be reached freely from the internet. A while ago, I read that you can limit the incoming connection to only VPN and ssh. And configured a Wireguard-VPN on the server via pivpn. But the server can still be reached from the internet. So what do I have to do now? Is it even the right choice, or am I missing something? How do you guys secure your VPS?

  • stown@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    1 year ago

    What’s the point of renting a VPS if you only access it from your own network? I understand why a large company would do it (risk mitigation) but I don’t understand why a self-hoster wouldn’t just use an old computer at home. Your costs would be reduced and you could more easily control access.

    Now that being said, most Cloud VPS providers have a firewall that you can configure from their web portal. If you whitelist your home network public IP then you can be sure that anyone connecting to your VPS will have to be doing so from your home network. You could do the same thing with UFW or Iptables on the VPS but I recommend using the external firewall because it won’t take resources from your VPS while defending against a DDOS.

    • rmstyle@feddit.deOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      The two main reasons I decided to opt for a VPS was, that I don’t have a PC here that is efficient enough and the faster fresh installs and snapshots are a pro too.

      • stown@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        If you haven’t already, check out Proxmox. It’s an operating system that specializes in running Virtual Machines. If you run Proxmox at home you can have all the features that you just mentioned and more.