I set up an *arr stack and made it work, and now I’m trying to make it safe - the objectivly correct order.

I installed uncomplicated firewall on the system to pretend to protect myself, and opened ports as and when I needed them.

So I’m in mind to fix my firewall rules and my question is this: Given there’s a more sensible ufw rule set what is it, I have looked online I couldn’t find any answers? Either “limit 8080”, “limit 9696”, “limit …” etc. or “open”. Or " allow 192.168.0.0/16" would I have to allow my docker’s subnet as well?

To head off any “why didn’t you <brilliant idea>?” it’s because I’m dumb. Cheers in advance.

  • Kushan
    link
    fedilink
    English
    310 months ago

    The guy above you gives great advice. Set up SWAG, then the only ports you’re exposing are 443.

    Once you have that set up, look at adding something like authelia. This will give you 2FA on top of those apps meaning even if someone guesses the password and the URL to access them, they still won’t be able to.

    • @dan@upvote.au
      link
      fedilink
      English
      110 months ago

      adding something like authelia.

      I used to use Authelia, but Authentik is nicer since it’s mostly configured through a web UI. It also supports SAML for services that don’t support OpenID Connect. It also has a proxy mode like Authelia, but that’s not recommended if the service has proper SSO support. There’s just a bit of an initial learning curve.

      • Kushan
        link
        fedilink
        English
        110 months ago

        Yeah honestly either solution is a solid one