You may not want to depend on those cloud services and if you need something not static, it doesn’t cut it.
Why only email? Why not also a website? :)
“self-hosting both private stuff, like a NAS and also some other is public like websites and whatnot”
Some people do it and to be fair a website is way simpler and less prone to issues than mail.
If you did you would know I wasn’t looking for advice. You also knew that exposing stuff publicly was a prerequisite.
Your billion dollar corporations aren’t running dedicated hardware
You said it, some banks are billion dollar corporations :)
Proxmox will not switch to Incus, they like their epic pile of hacks. However you can switch to Debian + Incus and avoid that garbage altogether.
That’s a good setup with multiple IPs, but still you’ve a single firewall that might be compromised somehow if someone gets access to the “public” machine. :)
Are you sure? A big bank usually does… It’s very common to see groups of physical machines + public cloud services that are more strictly controlled than others and serve different purposes. One group might be public apps, another internal apps and another HVDs (virtual desktops) for the employees.
Kinda Scenario 1 is the standard way: firewall at the perimeter with separately isolated networks for DMZ, LAN & Wifi
What you’re describing is close to scenario 1, but not purely scenario 1. It is a mix between public and private traffic on a single IP address and single firewall that a lot of people use because they can’t have two separate public IP addresses running side by side on their connection.
The advantage of that setup is that it greatly reduces the attack surface by NOT exposing your home network public IP to whatever you’re hosting and by not relying on the same firewall for both. Even if your entire hosting stack gets hacked there’s no way the hacker can get in your home network because they’re two separate networks.
The scenario one describes having 2 public IPs, a switch after the ISP ONT and one cable goes to the home firewall/router and another to the server (or another router / firewall). Much more isolated. It isn’t a simple DMZ, it’s literally the same as two different internet connections for each thing.
If there’s an exploit found that makes that setup inherently vulnerable then a lot of people would be way more screwed than I would.
Fair enough ahah
What’s your concern here?
No specific concern, I do like in scenario 2, option B. I was just listing the most common options and getting feedback on what others think about those.
I personally believe the setup 2B is more than enough if a nation state isn’t after you, but who knows? :)
So you do trust LXC isolation to the point of thinking that it would be close to impossible to compromise your host?
Are we talking what’s good enough security for hosting an anime waifu tier list blog or good enough security for a billion dollar corporation?
You tell me. :)
What would you do/trust in both situations?
I have no complaints about their QC but well, samples are samples.
Get a USB-C DAS (enclosure) for your disks, those use their own power supply. Since it is USB-C performance will be very good and stable and you’ll be happy with it.