I’m wondering if I’m starting to outgrow Tailscale… my wife keeps having networking issues on Android due to Tailscale, the Nvidia Shield kills the Tailscale app randomly, and my parents’ TV doesn’t have a Tailscale app…
I feel like the time is approaching to publicly expose some of my services to the internet…
Any other tips?



Primarily Jellyfin and Immich.
Do all your clients have fixed IPs? I have some clients that are phones or laptops, but I would imagine those change as people drive around to different cities or connect to different coffee shop WiFi.
It depends on what service - some, like Jellyfin, are accessed only from home IPs which are static (for music through Jellyfin I use offline mode to prevent too much mobile traffic), so I can add those specific IPs in the whitelist. Other services I need to access from elsewhere, and I can add entire subnets (i.e. for my phone carrier network or VPN servers). Those change once in a while and that is annoying. Other services I want publicly available.
Jellyfin especially still has some unsecured endpoints where it would be wise to take some extra precautions. I think the risk some people seem to think this poses is a little overblown (i.e. rights holders finding your instance and reverse mapping your entire library and suing you to oblivion), but better not risk it.