Lyricism6055

joined 1 year ago
[–] Lyricism6055@lemmy.world 1 points 1 day ago

Yeah what you're talking about is a DMZ, it still won't help a ton if you don't have strict firewall controls inside your network too.

I just use WireGuard with firewall rules to restrict to just my server with my Docker containers on it and my DNS.

[–] Lyricism6055@lemmy.world 0 points 1 day ago* (last edited 1 day ago)

I still use a reverse proxy, but to get into my network you need to be on VPN. It's more secure for me I guess.

I use Traefik forward auth, even inside my network on VPN, for an extra layer of security for some apps.

My opinion is that port 443 getting accidentally misconfigured by me is just too likely a scenario. With WireGuard on my router I also am able to restrict traffic to ONLY my webserver and DNS servers for my devices.

So I guess that's another positive of WireGuard: you can use your own DNS servers for all your phones all the time and always have ad blocking with Pi-hole or something similar, even on mobile.

By using VPN I don't have to worry about accidentally exposing a website with a copy-paste error or something over my reverse proxy. I can also easily restrict who has access to my VPN and do routing rules from my router per device or subnet (for people who aren't in my family I have a separate subnet I assign with more strict firewall rules).

[–] Lyricism6055@lemmy.world 1 points 1 day ago

I ended up buying one that flips around and can do A and C connections

[–] Lyricism6055@lemmy.world 7 points 1 day ago (2 children)

If this server is publicly accessible and gets pwned, they can use it as a jump box for your internal devices.

[–] Lyricism6055@lemmy.world 2 points 1 day ago (4 children)

Just close 443 and use VPN with ACME DNS challenges for your certs. That'll help make it even more secure. Nothing is foolproof though, and a VPN is a good first step.

[–] Lyricism6055@lemmy.world 1 points 3 days ago

Ofc, but then you now have a dependency on a specific version of ffmpeg for your root OS

[–] Lyricism6055@lemmy.world 1 points 4 days ago (2 children)

Just had an example of this working for me. Parsec only publishes a .deb file, and the flatpak is out of date / unmaintained. They don't have Nvidia decoding anywhere but Ubuntu. But with distrobox / boxbuddy I can get a fully-featured Parsec install that runs on a distrobox. Works perfectly, and even has an application in my host application menu. It's badass.

[–] Lyricism6055@lemmy.world 1 points 5 days ago

I meant for bazzite. You can use an arch distrobox and it'll be like you had arch installed already

[–] Lyricism6055@lemmy.world 1 points 6 days ago (5 children)

Yup, but now I get to use whatever distro I want with distrobox. It's awesome

[–] Lyricism6055@lemmy.world 1 points 6 days ago (7 children)

I've installed .deb files before that fail or miss dependencies, then you get stuck in a half applied state and have to force fix your apt packages.

I'm not saying I'm doing it right, but it's happened before more than a few times to me, but not on bazzite.

[–] Lyricism6055@lemmy.world 2 points 6 days ago (9 children)

Yeah, until that one time when you tell apt to force install a package and it fucks your entire system...

[–] Lyricism6055@lemmy.world 1 points 1 week ago (1 children)

I'm judging moms with no reason not to breastfeed for doing it. That's all

If you have a medical issue, or you're a single father, etc., then I'm not judging.

Either way, I'm just a random guy on the internet and my opinion doesn't really matter in the grand scheme of life.
