this post was submitted on 11 Feb 2024
2 points (100.0% liked)
homelab
6460 readers
2 users here now
founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I try to keep my router and NAS clutter-free as far as software goes. Each additional service you run, especially that listens to requests from clients you can’t control, could open you to a vulnerability that might give system access.
I run a reverse proxy on a dedicated Pi and have firewall rules on the Pi to only allow outgoing connections to the hosts I’m proxying to.
Maybe I’m paranoid but I’m sure there are lots of good and bad eyes looking at Nginx’s code.
I took have a nginx reverse proxy, ddclient, PiHole on a dedicated Pi behind the router and in front of literally everything else.