As the title says, I want to know the most paranoid security measures you’ve implemented in your homelab. I can think of SDN solutions with firewalls covering every interface, ACLs, locked-down/hardened OSes etc but not much beyond that. I’m wondering how deep this paranoia can go (and maybe even go down my own route too!).

Thanks!

  • MostlyGibberish@lemm.ee
    link
    fedilink
    English
    arrow-up
    1
    ·
    9 months ago

    Definitely a consideration. In my case, the vast majority of my services are running in docker on a single host box, including the reverse proxy itself (Traefik). That unencrypted traffic never goes out over a wire, so for now I’m not concerned.

    • raldone01@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      9 months ago

      Bonus points for creating lots and lots of networks grouping the databases together with only their respective containers.

      ip a is a huge mess.