Home network security and nginx for dummies?

Hey ya’ll!

I’ve recently finally pulled the trigger an converted an old Lenovo laptop into a home server running Debian. I don’t have any formal computer science background, but I grew up around PCs and cut my teeth on MS-DOS and WinNT since my pops worked at IBM and HP when I was a kid. I’ve dipped my toes into the microcontroller world working on a project to build permanent RGB Christmas lights so my in-laws wouldn’t need to climb ladders every season.

Seeing some videos of CasaOS finally made me think “Oh, I can totally do that!”, and so far the experience has been great. I’ve always ground my teeth a bit at the privacy concerns of third-party cloud services, so this has been a great experience so far. My family has been pleased with the performance and usability of Jellyfin and HomeAssistant. I have learned that simply port-forwarding to my server insecure, and that I should be using a reverse proxy if I want to access my home server remotely.

So far, things have been pretty intuitive or easily tutorialized, but I feel like I’ve reached the edges of my competence when it comes to setting up my own reverse proxy using NginX with CasaOS. I am hesitant to blindly follow step-by-step instructions to for the DNS and SSL shenanigans. It may get me through the intial setup, but I feel robbed of a learning experience and I would be SOL if it needed troubleshooting. Other video tutorials I have found seem to target an audience that has more background knowledge than I do. Tinkering with things inside my own local network is fine. Exposing things to the public web introduces safety concerns that I would like to treat with the proper respect, even if that means learning things from scratch. I’m not currently looking for a career in IT, but I would like to be empowered enough to make competent decisions about how I manage my home network.

I am smart enough to know when I am out of my depth, and I would really appreciate any resources the community can share so I can learn about securing my home server properly. Do you know of any good books, youtube series, or online courses? I send my sincerest gratitude all of you beautiful folks!

2 Likes

Have you heard about Wireguard? Instead of exposing your server and traffic that might or might not be secure to the internet you should create a tunnel to your local network. You don’t even need to try to hide behind a proxy.

Just make sure you got automatic updates running and don’t forget to plug all your firewall ports when changing services.

Excellent point of view. Don’t expose any of your hardware to the internet unless you need to or know what you’re doing.

Even better - have you heard about TailScale? It’s wireguard technology easy to use.
An online search or even just browsing their website you bring up easy to follow tutorials for setup.

1 Like

That’s actually good to know, I haven’t heard of them before.
Tho for a project at home to become self-reliant there exists tools as well, ie. wg-easy.

There’s a curl script for it that walks you through a CLI UI installation (for debian/raspbian etc), then there’s also Docker images.

FreeBSD might be a good move if you want to learn as it comes with very good documentation and is frankly in many ways more consistent than many distros. I would also in general strongly suggest that you don’t go for the “random” docker images route if you want to learn. Install the software that actually is required and try to follow the documentation which is in many cases is pretty good or you can find simple tutorials.

I’ve taken a look at Tailscale! it seems to have both the functionality and documentation that fits my use case, and fewer manually configured components means fewer opportunities for me to screw things up. The videos that I found do an excellent job of explaining how and why things work. Thanks for the tip! :smiley:

1 Like