

Auth portal for VPN tunnel -> Authelia -> fail2ban -> VLAN with services only.
ELK stack monitors the LAN. (Including VLAN)
Keep that VLAN segmented. You’re good unless you’re a DOGE employee, then I’d recommend quite a bit more security.
Https://crt.sh would make anyone who thought obscurity would be a solution poop themselves.
I was reading this and thinking node package manager too and I was both confused and concerned that somebody would sit all of their security on node package manager!
That makes much more sense 🙂
Don’t fret, not even Microsoft does.
You’re not as valuable as a target as Microsoft.
It’s just about risk tolerance. The only way to avoid risk is to not play the game.
I have a server that I run services through traefik/docker on.
It ALSO has a drive that is a MIRROR of my NAS.
That NAS has a lil slavey twin, an external 14tb USB HDD. It’s on my laptop.
Every time my laptop is idle, it does a little rsync with the server’s NAS to stay current.
I keep a 3rd copy (mirroring server NAS) in the cloud.
Okay. Your laptop can’t ping or SSH into the server. First, figure out if the problem is one-way. Can the server ping the laptop, or is it just dead in both directions?
You mentioned all other devices communicate normally—do they all fail to reach the laptop, or is the issue isolated to the laptop and server pair?
Physically check the server and confirm both IP addresses to ensure you’re not chasing the wrong info. Once you’ve got the correct IPs, ping the laptop from the server’s side. If the server can’t reach it either, you know this isn’t just a laptop-to-server problem.
Also, did you set up a firewall on the laptop? That’s worth looking into. And yes, it’s annoying, but try the simple stuff: disconnect and reconnect your laptop’s Wi-Fi, reboot it, even run sudo apt update just to rule out anything weird. Start with these basics before moving on to more complicated troubleshooting.
Agreed on word fence.
I didn’t say to specify a port in the DNS. I just said that it is a way that we can resolve a resource.
In the case of ports we’d configure it through whatever webserver (Apache, nginx, traefik, whatever) configs necessary on that machine. The DNS in this scenario would only be for the machine’s IP where our webserver then routes traffic to different ports.
I was accounting for both valid setups.
That suggested, it could be done with ports, or it could be done with separate servers.
Domain.com resolves to 1.2.3.4
www.domain.com resolves to 1.2.3.4:443
app.domain.com resolves to 1.2.3.4:5555
Games.domain.com resolves to 1.2.5.6
Mail.domain.com resolves to 1.2.7.8
Portal.domain.com resolves to 1.2.9.10
Etc, etc.
If you’re into developing and stuff, GitLab
Plex server
Jellyfin server
ELK stack or security onion
Get steam working, connect via steam link.
Everyone is gonna learn best differently. There’s no best place to start.
I’d start with solving a problem. For me, this was not wanting to make a backup to transfer my data from my old machine to my new one. So I built a little Ubuntu Server, set up a rudimentary samba share, set up users/groups, and figured out how to access that data from my network.
Docker is easy, you’ll learn it by mistake. It’ll haunt you like it’s some complicated thing until you realize you’re doing it and it’s literally incredibly straightforward.
From there, I’d maybe say go to WordPress and follow instructions about setting up a WordPress site in a docker container. Oops, you just learned docker.
I’d hold off on hosting email. I mean it’s a noble goal but it’s a fucking headache. But that’s just me! Like I said, everyone’s different.
Piece of advice, before you go hosting a monero server, dig into cybersecurity. Particularly server hardening. I recommend Hack The Box. There’s tons of platforms, though.
SMART tools
sudo apt-get install smartmontools
sudo smartctl -a /dev/sdX | grep Power_On_Hours
sudo smartctl -a /dev/sdX | grep Power_Cycle_Count
where sdX is your drive in question (sda, sdb, etc).
This just tells you how much that drive was used in the past. It’s not a perfect test but it’s what I do 🤷‍♂️
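As an added example (not part of the original comment), the check above can be turned into a one-line usage summary by parsing the attribute table that smartctl -a prints for ATA drives. It goes one step beyond the two greps by also reporting reallocated and pending sector counts; the sample table is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of the attribute table from `smartctl -a` on an ATA drive.
# NVMe drives print a different layout and are not handled here.
sample_smart_output() {
cat <<'EOF'
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  5 Reallocated_Sector_Ct   0x0033   100   100   010    Pre-fail  Always       -       0
  9 Power_On_Hours          0x0032   094   094   000    Old_age   Always       -       26280
 12 Power_Cycle_Count       0x0032   099   099   000    Old_age   Always       -       412
197 Current_Pending_Sector  0x0012   100   100   000    Old_age   Always       -       0
EOF
}

# Print the raw value (10th column) of the named attribute read from stdin.
# Exits non-zero when the attribute is not in the table.
smart_raw() {
    awk -v name="$1" '$2 == name { print $10; found = 1 } END { exit !found }'
}

# Read smartctl output on stdin and print a one-line usage summary.
drive_usage() {
    out=$(cat)
    hours=$(printf '%s\n' "$out" | smart_raw Power_On_Hours) || return 1
    cycles=$(printf '%s\n' "$out" | smart_raw Power_Cycle_Count) || return 1
    # Not every drive reports these two; fall back to n/a instead of failing.
    realloc=$(printf '%s\n' "$out" | smart_raw Reallocated_Sector_Ct) || realloc=n/a
    pending=$(printf '%s\n' "$out" | smart_raw Current_Pending_Sector) || pending=n/a
    # Some drives print hours as "26280h+12m+03.456s"; keep the leading integer.
    hours=${hours%%[!0-9]*}
    [ -n "$hours" ] || return 1
    years=$(awk -v h="$hours" 'BEGIN { printf "%.1f", h / 8760 }')
    echo "hours=$hours years=$years cycles=$cycles realloc=$realloc pending=$pending"
}

# Real use: sudo smartctl -a /dev/sdX | drive_usage
sample_smart_output | drive_usage
```

A non-zero realloc or pending count on a used drive is a stronger warning sign than a high hour count.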
It’s a gamble.
When you lose, you can simply return it.
When you win, you get a hard drive that works for really cheap.
I purchased one in 2020 that I still haven’t replaced, although I’m buying the replacement now as it has begun its slow certain death.
🖕 my home server disagrees 🏴‍☠️
Puppy Linux!
Xubuntu, Lubuntu, Gentoo, Peppermint…
Some others like damn small linux or nano Linux or Linux lite.
If you’ll be running Linux and trying to use steam to run games, at all, avoid the 14th gen is.
If not, the 14th gen i9 is your bet.
Something with Proton, the layer that makes steam work with Linux, has been causing tons of people a lot of grief myself included. Any games that rely heavily on vulkan shaders will cause my whole system to crash under heavy load. It’s a known thing and Intel still seems clueless as to what to do to resolve it, afaik.