Self-Hosting Security Guide for your HomeLab
Techno Tim
@technotimAbout
I make videos that help people do awesome things with technology.
Latest Posts
Video Description
When most people think about self-hosting services in their HomeLab, they often think of the last mile. By last mile I mean the very last hop before a user accesses your services. This last hop, whether that’s using certificates or a reverse proxy, is incredibly important, but it’s also important to know that security starts at the foundation of your HomeLab. Today, we'll work our way up from hardware security, to OS, to networking, to containers, to firewalls, IDS/IPS, reverse proxies, auth proxies for authentication and authorization, and even lean in to an external provider like Cloudflare. Video Notes: https://technotim.live/posts/self-hosting-security/ Support me on Patreon: https://www.patreon.com/technotim Sponsor me on GitHub: https://github.com/sponsors/timothystewart6 Subscribe on Twitch: https://www.twitch.tv/technotim Become a YouTube member: https://www.youtube.com/channel/UCOk-gHyjcWZNj3Br4oxwh0A/join Merch Shop 🛍️: https://l.technotim.live/shop Gear Recommendations: https://l.technotim.live/gear Get Help in Our Discord Community: https://l.technotim.live/discord 2nd channel: https://www.youtube.com/@TechnoTimTalks A HUGE thanks to Micro Center for sponsoring this video! New Customers Exclusive – Get a Free 240gb SSD at Micro Center: https://micro.center/0ef37a (paid) (Affiliate links may be included in this description. I may receive a small commission at no cost to you.) 00:00 - Intro 01:10 - Advertisement 02:06 - Don't Self-Host 02:27 - Disclaimer 02:33 - Self-Hosted VPN 02:57 - Public Cloud 03:24 - The Last Mile 03:50 - Hardware 04:28 - Virtual vs. Bare Metal 04:56 - Operating System 05:47 - Container Security 06:58 - Container Tags 08:07 - Network Segmentation 09:32 - Firewall & Port Forwarding 10:11 - Cloudflare (Reverse Proxy) 11:26 - Cloudflare Settings & Stats 11:58 - Cloudflare + Conditional Port Forwarding 13:24 - Cloudflare Firewall Rules 13:46 - IDS and IPS 15:03 - Internal Reverse Proxy 15:53 - Auth Proxy (Authentication and Authorization) 16:42 - Security Overview 17:07 - Are you going to Self-Host? 17:41 - Stream Highlight "I'm big in the Netherlands (not)" #SelfHosted #HomeLab #Security "Overzealous Punch" is from Harris Heller's album Sunset. https://l.technotim.live/sb-music-license Icons in this video have been created by Freepik from flaticon https://www.flaticon.com/authors/freepik
You May Also Like
Fortify Your HomeLab Today
AI-recommended products based on this video
TP-Link AC1300 USB WiFi Adapter (Archer T3U) - 2.4G/5G Dual Band Wireless Network Adapter for PC Desktop, MU-MIMO WiFi Dongle, USB 3.0, Supports Windows 11/10/8.1/8/7/XP, Mac OS 10.9-10.14
TP-Link WiFi 6 AX3000 PCIe WiFi Card Archer TX55E - Bluetooth 5.2, 802.11AX Dual Band Wireless Adapter with MU-MIMO, OFDMA, Ultra-Low Latency, Supports Windows 11, 10 (64bit) only
TP-Link AC1300 High Gain WiFi USB Adapter (Archer T4U)- Dual Band Wireless Network Adapter for Desktop with 2.4GHz/5GHz High Gain Antennas, MU-MIMO, Support Windows 10/8.1/8/7/XP, Mac OS
TP-Link Mini - AC600 USB 2.0 Wifi Adapter (Archer T2U Nano) - 2.4G/5G Dual Band Wireless Network Adapter for PC Desktop, Mini Travel Size, Supports Windows 11/10/8.1/8/7/XP, Mac OS 10.9-10.15
10.1 Inch Touch Portable Monitor IPS Screen 1366x768P 60Hz 400 Brightness 99% sRGB HDMI USB-C Monitors Switch for Xbox PS3/4/5 Laptop Compatible with Raspberry Pi, Mini Touch Screen
Western Digital 2TB WD Blue SA510 SATA Internal Solid State Drive SSD - SATA III 6 Gb/s, 2.5"/7mm, Up to 560 MB/s - WDS200T3B0A
Western Digital 4TB Elements Desktop External Hard Drive, USB 3.0 external hard drive for plug-and-play storage - WDBWLG0040HBK-NESN
Western Digital 4TB My Book Desktop External Hard Drive, USB 3.0, External HDD with Password Protection and Backup Software - WDBBGB0040HBK-NESN
Western Digital 4TB My Passport Portable External Hard Drive HDD, USB 3.0, USB 2.0 Compatible, Black - WDBPKJ0040BBK-WESN
