I’m in the process of setting up homelab stuff and i’ve been doing some reading. It seems the consensus is to put everything behind a reverse proxy and use a vpn or cloudflare tunnel.
I plan to use a VPN for accessing my internal network from outside and to protect less battle tested foss software. But I feel like if I cant open a port to the internet to host a webserver then the internet is no longer a free place and we’re cooked.
So my question is, Can I expose webserver, SSH, WireGuard to the internet with reasonable safety? What precautions and common mistakes do I need to watchout for.
If you set your router to only forward traffic from port 443 to a certain host does this drop all non port 443 traffic to that host?
I’d expect so, but you’ll need to test with your exact router model how it behaves. Some have a ‘DMZ’ function that you can use to pass all ports to a certain host. I use it to expose the WAN interface of my opnsense router to the internet through the ISP router. Then I can fine tune the open ports further in opnsense which is better designed for that than the usual ISP box.