Hi everyone!
I’m looking into self-hosting, and I currently have dynamic DNS set up to point to my home IP.
My question: is it worth getting a dedicated IP through a VPN?
I’m pretty technically savvy, but when it comes to networking I lack practical experience. My thought is that pointing my domain to a dedicated IP and routing that traffic to my home IP would be safer - especially if I only allow traffic on certain ports from that IP. Just curious if that idea holds up in practice, or if it’s not worth the effort.
Their setup sounds similar to mine. But no, only a single service is exposed to the internet: wireguard.
The idea is that you can have any number of servers running on your lan, etc… but in order to access them remotely you first need to VPN into your home network. This way the only thing you need to worry about security wise is wireguard. If there’s a security hole / vulnerability in one of the services you’re running on your network or in nginx, etc… attackers would still need to get past wireguard first before they could access your network.
But here is exactly what I’ve done:
Now I can just turn on my phone’s VPN whenever I need to access any one of the services that would normally only be accessible from home.
P.s. there’s additional steps I did to ensure that the masquerade of the VPN was disabled, that all VPN clients use my pihole, and that I can still get decent internet speeds while on the VPN. But that’s slightly beyond the original ask here.
Wouldn’t this require any user to connect to the VPN though? I’m looking for something more publicly accessible - say like a website.
Yes it would. In my case though I know all of the users that should have remote access snd I’m more concerned about unauthorized access than ease of use.
If I wanted to host a website for the general public to use though, I’d buy a VPS and host it there. Then use SSH with private key authentication for remote management. This way, again, if someone hacks that server they can’t get access to my home lan.