wedge_film

joined 1 year ago
[–] wedge_film@lemmy.dbzer0.com 2 points 1 year ago

My bad, I should have worded that better, thank you for making it clear, that's exactly what I had in mind.

[–] wedge_film@lemmy.dbzer0.com 3 points 1 year ago (6 children)

General advice would be to look boring and hide your IP as much as you are able (get a domain). As long as you're not looking juicy you won't attract skilled attention. It's like locking a bike, most bad actors will just pass by looking around for one without a lock or a real fancy one worth their resources.

You can utilize Cloudflare's free offerings, starting with simple stuff. Their DNS Proxy is essentialy a single-click but will help substantially. You can build on top of that with simple WAF rules, such as droping connection attempts from IPs originating from countries notorious for "poking around". You can also reverse that rule and whitlelist only your country.

Keep your firewall tight, don't expose other ports, put your services behind a reverse proxy and redirect everything to HTTPS. Start simple, constantly improve, learn more advanced methods/concepts.

[–] wedge_film@lemmy.dbzer0.com 6 points 1 year ago (2 children)

I usually recommend this one. There's a section for NPM you'll find useful.

[–] wedge_film@lemmy.dbzer0.com 1 points 1 year ago

I used to run Authelia with NPM. It supports TOTP as second factor.

[–] wedge_film@lemmy.dbzer0.com 1 points 1 year ago (1 children)

I know of a project that may match your description: https://github.com/azukaar/Cosmos-Server

I remember seeing it some time ago in a self-hosted community, but don't remember on which platform.