Self-Hosting Security Guide for your HomeLab

When most people think about self-hosting services in their HomeLab, they think of the last mile: the very last hop before a user reaches your services. That hop, whether it is TLS certificates or a reverse proxy, is incredibly important, but security starts at the foundation of your HomeLab. Today we'll work our way up from hardware security to the OS, networking, containers, firewalls, IDS/IPS, reverse proxies, auth proxies for authentication and authorization, and even leaning on an external provider like Cloudflare.
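The "Cloudflare + Conditional Port Forwarding" and "Cloudflare Firewall Rules" chapters below come down to one policy: the forwarded ports on your router or host firewall should only accept traffic that arrives from Cloudflare's edge, so a direct hit on your origin IP is dropped. The following Python is an added example written for this page, not code from the video or from Techno Tim. It expresses that policy as a function, runs it over a few constructed connection attempts, and renders the equivalent nftables rules. The CIDR list is a constructed sample; the real ranges are published at https://www.cloudflare.com/ips-v4 and https://www.cloudflare.com/ips-v6, and the table and chain names are assumptions you would adjust to your firewall.

```python
"""
Conditional port forwarding for a Cloudflare-fronted origin.

Added example for this page (not the video's or Techno Tim's code).
The CIDRs below are a constructed sample standing in for the live lists
published at https://www.cloudflare.com/ips-v4 and /ips-v6.
"""
import ipaddress

# Assumption: replace with the live Cloudflare egress ranges before use.
SAMPLE_CF_RANGES = [
    "103.21.244.0/22",
    "173.245.48.0/20",
    "2400:cb00::/32",
]

# Only the ports Cloudflare proxies for us are forwarded; nothing else is exposed.
EXPOSED_PORTS = {80, 443}


def build_allowlist(cidrs):
    """Parse CIDR strings into network objects; malformed entries raise."""
    return [ipaddress.ip_network(c.strip(), strict=True) for c in cidrs]


def decide(src_ip, dst_port, allowlist):
    """Return 'allow' only for an exposed port AND a source inside the allowlist.

    A hit on 443 from an address outside Cloudflare means someone found the
    origin IP and is bypassing the proxy, so it is denied like any other port.
    """
    if dst_port not in EXPOSED_PORTS:
        return "deny"
    addr = ipaddress.ip_address(src_ip)
    # IPv4 addresses are never 'in' an IPv6 network (and vice versa), so mixing is safe.
    return "allow" if any(addr in net for net in allowlist) else "deny"


def nft_rules(cidrs, table="inet filter", chain="input"):
    """Render nftables commands implementing the same policy on the firewall.

    Table and chain names are assumptions; use 'forward' on a router that
    port-forwards to an internal host instead of terminating locally.
    """
    v4 = [c for c in cidrs if ":" not in c]
    v6 = [c for c in cidrs if ":" in c]
    ports = ", ".join(str(p) for p in sorted(EXPOSED_PORTS))
    lines = [
        f"add table {table}",
        f"add chain {table} {chain} {{ type filter hook {chain} priority 0; policy accept; }}",
        f"add set {table} cf_v4 {{ type ipv4_addr; flags interval; }}",
        f"add set {table} cf_v6 {{ type ipv6_addr; flags interval; }}",
    ]
    if v4:
        lines.append(f"add element {table} cf_v4 {{ {', '.join(v4)} }}")
    if v6:
        lines.append(f"add element {table} cf_v6 {{ {', '.join(v6)} }}")
    lines.append(f"add rule {table} {chain} ip saddr @cf_v4 tcp dport {{ {ports} }} accept")
    lines.append(f"add rule {table} {chain} ip6 saddr @cf_v6 tcp dport {{ {ports} }} accept")
    # Anything else aimed at the exposed ports did not come through Cloudflare.
    lines.append(f"add rule {table} {chain} tcp dport {{ {ports} }} drop")
    return "\n".join(lines)


# Constructed sample connection attempts (source address, destination port).
SAMPLE_CONNECTIONS = [
    ("103.21.244.10", 443),   # Cloudflare edge -> allow
    ("203.0.113.7", 443),     # direct hit on the origin -> deny
    ("103.21.244.10", 22),    # SSH is not an exposed port, even from CF -> deny
    ("2400:cb00:1::5", 80),   # Cloudflare IPv6 edge -> allow
]


def audit(connections, allowlist):
    """Apply the policy to each attempt and return (ip, port, verdict) tuples."""
    return [(ip, port, decide(ip, port, allowlist)) for ip, port in connections]


if __name__ == "__main__":
    allow = build_allowlist(SAMPLE_CF_RANGES)
    for ip, port, verdict in audit(SAMPLE_CONNECTIONS, allow):
        print(f"{ip:>20} :{port:<4} {verdict}")
    print(nft_rules(SAMPLE_CF_RANGES))
```

Two caveats a practitioner should keep in mind. The allowlist must be refreshed whenever Cloudflare changes its published ranges, or legitimate traffic starts getting dropped. And, as one commenter below points out, an IP allowlist on its own only proves the packet came from Cloudflare's network, not from your Cloudflare zone: any other Cloudflare customer could point a proxied record at your origin IP. Cloudflare's Authenticated Origin Pulls (mTLS between the edge and your reverse proxy) closes that gap and belongs alongside this firewall rule, not instead of it.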

Video Notes: https://technotim.live/posts/self-hosting-security/

A HUGE thanks to Micro Center for sponsoring this video!

New Customers Exclusive – Get a Free 240gb SSD at Micro Center: https://micro.center/0ef37a (paid)

Support me on Patreon: https://www.patreon.com/technotim
Sponsor me on GitHub: https://github.com/sponsors/timothystewart6
Subscribe on Twitch: https://www.twitch.tv/technotim
Gear Recommendations: https://l.technotim.live/gear
Get Help in Our Discord Community: https://l.technotim.live/discord
2nd channel: https://www.youtube.com/@TechnoTimTalks

(Affiliate links may be included in this description. I may receive a small commission at no cost to you.)

00:00 – Intro
01:10 – Advertisement
02:06 – Don’t Self-Host
02:27 – Disclaimer
02:33 – Self-Hosted VPN
02:57 – Public Cloud
03:24 – The Last Mile
03:50 – Hardware
04:28 – Virtual vs. Bare Metal
04:56 – Operating System
05:47 – Container Security
06:58 – Container Tags
08:07 – Network Segmentation
09:32 – Firewall & Port Forwarding
10:11 – Cloudflare (Reverse Proxy)
11:26 – Cloudflare Settings & Stats
11:58 – Cloudflare + Conditional Port Forwarding
13:24 – Cloudflare Firewall Rules
13:46 – IDS and IPS
15:03 – Internal Reverse Proxy
15:53 – Auth Proxy (Authentication and Authorization)
16:42 – Security Overview
17:07 – Are you going to Self-Host?
17:41 – Stream Highlight “I’m big in the Netherlands (not)”

#SelfHosted #HomeLab #Security

“Overzealous Punch” is from Harris Heller’s album Sunset.
https://l.technotim.live/sb-music-license

Icons in this video have been created by Freepik from flaticon https://www.flaticon.com/authors/freepik

by Techno Tim

35 thoughts on “Self-Hosting Security Guide for your HomeLab”

  • What would change if I configured my server as the DMZ instead of port-forwarding it (in the modem/router)? I know that the DMZ opens all the available ports for one machine, but it's isolated from the rest of the network; does that make it safer?

  • This is sooo good!! Many years wondering what I would need to do to self-host stuff without putting myself at risk and you just told me everything in less than 20 minutes. Thanks a lot!!!

  • How about simply using Tailscale? I know it's just a fancy WireGuard VPN; the free tier could do much of what I need. Can I trust them?

  • “This is the day you will always remember as the day you almost caught Captain Tim Techno”

  • Can we use Shadowsocks as a method to "masquerade", using our own server, from providers and so on? Thank you

  • Textbook quality educational content in the form of a video, one of the finest creations I've ever come across, in any category.

  • Hi, thanks for the video, really well done. What do you think of the Cloudflare tunnels?

  • I feel I like the idea of using some external service to mask my home IP but then I remember I'm giving them the keys to my traffic as is the case when you use Cloudflare as a middle man.

  • Such a great use of pictograms! Awesome video, much appreciated. Cheers from the Netherlands 🙂

  • This is all right; I'm not trying to depend on Cloudflare. I already have OpenVPN running with the traffic rules in UniFi.

  • 9:58
    That's the issue with Cloudflare. Only ports 443 and 80 are served by CF on the free-tier plan.

  • Anyone tell you you look like Terry Kinney?

  • Do you have a background in education? I am really impressed with this video – you can see you put a lot of work and thought into it. much appreciated

  • Wow, just wow. There's a lot to consider. I suppose it's a good thing I don't have any use-cases for publicly hosting any services; there's literally nothing on my network that needs to be accessed by the public. Sadly though, for the same reason I'm having trouble coming up with any reason to even run a server at all, even for local stuff. I think if I ever do need to host publicly I'll take your first suggestion and just not self-host: just find a provider and use them to host. I don't think they cost that much; it'd be far cheaper than buying and maintaining all the equipment and systems you'd need to have properly secure self-hosting, and you'd presumably have professionals to handle any attacks for you. I personally don't want the "challenge" of doing it myself; I wouldn't get any personal satisfaction from pulling it off that would justify the work. Maybe just locally host stuff for testing before uploading it to a provider? The only thing I could possibly think to host might be a game server, but even that's a big maybe. I wouldn't want to leave it open to the public, and it'd probably run better if I paid for an actual provider with better hardware.

    It's sad but there just seem to be people out there who will attack any and every system they think they can no matter how unimportant or low value it seems. You don't necessarily have to paint a target on your back to be hit, just be vulnerable. I mean they don't care who they hit. Just like phone/text/email scammers will spread a wide net and go after any target they can get who might be vulnerable.

    I think the advice here is basically to put as many obstacles in their path as possible through having multiple hoops they have to jump through while also hiding and isolating the end destination.

  • See, you could do this, or you could be like my father and host a VoIP server with all the VoIP ports forwarded and just leave it on in a cupboard, forgotten for almost the last 20 years. The thing runs Fedora 8 and only has a crude IP auto-ban script.

  • Mannn, I'm such a visual learner and these little dynamic icons/symbols you're using give me a good basis to follow along with.

  • Great overview. To summarize home lab architecture this thoroughly in 18 minutes is downright impressive! I would just suggest adding a quick comment or addendum to the guide somewhere that Cloudflare proxies alone can't be depended on for blocking external attacks, even with IP allow lists. You'll also need to set up mTLS; otherwise another Cloudflare account could proxy malicious traffic through to your servers.

  • Cloudflare "under attack" isn't enough when it's getting fully bypassed today…

  • Great video, in which ways will opening ports on my router negatively affect my LAN devices and configuration? Attacks? Thanks 👍

  • I love how you make it so easy to understand, thank you Tim.

  • I've been using ZeroTier, and also for public-facing stuff I've been using Zero Trust. Cool stuff. Thanks for the informative video!

  • Hey, quick question about the Cloudflare reverse proxy: can they see my data being transmitted and decrypt the TLS? Or is my data secure from Cloudflare itself? I don't want them to see my cat pics in transit while I back up my phone to my home server. 🙂

  • Heads up: the UniFi firewall can create problems visiting some sites, like some 18+ sites.

    Also, I have had the firewall get corrected and get stuck on company protection, even though the setting had been turned off.
    It did not remove the routing table rules; I had to use SSH to fix it.

    (This was 2~3 years ago, on a USG Pro, then the Dream Machine Pro. Have not tried it since.)

  • How secure is just hosting PiVPN on a Raspberry Pi on a local network and forwarding that port? If someone gets access to the VPN, they can virtually access anything in the network. What is the better practice? I can't do it on my router because it doesn't support VPN/firewall.

  • Hey Tim, thank you for your work and videos. I am having trouble configuring and connecting to my new Proxmox server; any way you could help?

  • Man your background "over-exposure"