Hi, I apologise if this isn’t the right place to ask for advice or if I come across as stupid. I work in IT and have started to run my homelab. It’s mainly local stuff like a NAS and media server but I do have a Home assistant instance running. I was always a hardware guy but with my role growing I felt I needed to learn about networking and how a network runs services on the Internet.

I own a domain and use NGINX to point to my HA box. Cloudflare points my domain to my local IP via plugin that watches for changes as I understand it. Currently Home assistant and NGINX are open on my router but I’m pretty sure I made them open only to the two static IPs running my services. Cloudflare seems to mask my local IP when pinging my domain but I’m sure there are ways around it.

I want to eventually run a Minecraft server and a few other bits as a hobby but I’m conscious of the security risk of opening up ports and exposing my servers to the Internet. Is there a way I can secure my network even more? Am I doing this wrong?

Again I apologise I’d this is the wrong place or I come off as stupid. While Networking and Hardware are my specialty at work, the buck stops at the router

  • AriquitaunB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Use vlans to create a dmz you can place a server only for public Internet facing stuff.

    • conrat4567OPB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Thank you. VLANs seem to be the common consensus. Time to play around with my switches lol