
Since all the people in this thread do some kind of personal hosting/DevOps, I am posting one of my recent comments on how to make the security of your infrastructure rock solid:

> I self-host three VPNs to protect my infrastructure-heavy startup https://quantale.io

I am a big fan of Pritunl, which is open source and provides network security with a lot of ease. I am in no way affiliated with them, I am just a big fan of Pritunl. I use Pritunl to limit access to servers and web applications for my different teams. For each user, you can generate a profile and assign the servers and ports they have access to on the server. For example:

- Only the dev team can access the SSH port (22) on the stage server, and it is not open to the internet.

- Anyone in the team can access the stage version (port 443) for testing purposes. (Not open to the internet.)

- Only I can access all ports on all Prod servers (only 443 open to the public).

What hackers can't see, they can't attack. Port 22 on your servers especially should only be accessible to you and not the internet.

I self-host one instance each of OpenVPN and WireGuard with Pi-hole, which is then used to access my Pritunl server, adding an extra layer of security.

Each of these 3 servers can be hosted on a Hetzner $2/month instance. With a mere $6, you can add an extra layer of security to your infrastructure. Pritunl itself also provides a subscription, so that is also an option.

https://news.ycombinator.com/item?id=28671753

If you want to discuss more about this or security in general, feel free to reach out to me at the email on my profile.
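
Added example, not part of the original comment and not Pritunl's own code: a small audit that checks exported firewall or VPN allow rules against the three access rules listed above. The VPN address plan, the `(environment, port, source CIDR)` rule format and all names are assumptions made for illustration.

```python
import ipaddress

# Assumed VPN address plan (constructed; the comment gives no addresses).
TEAM = ipaddress.ip_network("10.8.0.0/16")      # every VPN user
DEV = ipaddress.ip_network("10.8.1.0/24")       # dev team profiles
ADMIN = ipaddress.ip_network("10.8.255.1/32")   # the owner's profile
INTERNET = ipaddress.ip_network("0.0.0.0/0")

# The comment's rules as (environment, port or None for any port, allowed source).
POLICY = [
    ("stage", 22, DEV),        # only the dev team reaches SSH on stage
    ("stage", 443, TEAM),      # anyone on the team reaches stage HTTPS
    ("prod", None, ADMIN),     # only the owner reaches all prod ports
    ("prod", 443, INTERNET),   # prod HTTPS is the only public port
]

def allowed(env, port, source):
    """True if the source network is fully contained in a network the policy permits."""
    src = ipaddress.ip_network(source)
    return any(
        p_env == env and p_port in (None, port) and src.subnet_of(net)
        for p_env, p_port, net in POLICY
    )

def audit(rules):
    """Return the allow rules that grant more access than the policy."""
    return [rule for rule in rules if not allowed(*rule)]

# Constructed sample of allow rules, as they might be exported from a firewall.
SAMPLE_RULES = [
    ("stage", 22, "10.8.1.0/24"),     # ok: dev team SSH
    ("stage", 22, "10.8.0.0/16"),     # too broad: whole team can SSH
    ("stage", 443, "10.8.2.0/24"),    # ok: a team subnet
    ("stage", 443, "0.0.0.0/0"),      # stage exposed to the internet
    ("prod", 443, "0.0.0.0/0"),       # ok: public HTTPS
    ("prod", 22, "0.0.0.0/0"),        # SSH exposed to the internet
    ("prod", 5432, "10.8.255.1/32"),  # ok: owner only
    ("prod", 22, "10.8.1.0/24"),      # dev team on prod SSH
]

if __name__ == "__main__":
    for env, port, source in audit(SAMPLE_RULES):
        print(f"VIOLATION: {source} may reach {env}:{port}")
```

A rule counts as compliant only when its whole source range sits inside a permitted network, so an overly broad CIDR is flagged even if it also covers legitimate users.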


