deleted by creator

Could also be a good opportunity to add a service monitor like Uptime Kuma. That way you know what services are still down once things come back online with less manual discovery on your part.

I expose most things to the web so long as they have auth and 2FA options. The one exception being my Jellyfin server. I share it with friends and needed to make it as easily accessible as possible.

With Cloudflare WAF, reverse proxy, and an isolated subnet with IDP I feel comfortable with public services. Nothings perfect but if they get through it and pwn my lab I’ll just nuke it and rebuild.

deleted by creator

I was using that same docker image for a while but somewhat recently migrated to this: https://github.com/favonia/cloudflare-ddns

It handles 5 of my domains all from the single container. Highly recommend it!

If you woke up and all of that data was gone tomorrow but you didn’t care, then there is no reason to back it up IMO.

Hell, I download things multiple times sometimes just to spite Comcast.

If it’s a dns block I’d highly recommend setting up your own recursive dns resolver. Something like pihole and unbound. That way you query the authoritative servers directly and your ISP can’t filter your content as effectively since they would be limited to incredibly ineffective IP based filtering.

I wonder how long until we get to jailbreak our cars just so those cock suckers can’t spy on us.

Down in a reply to some other comments https://lemmy.ca/comment/3915756

I am horrified, but equally impressed 😂

I would HIGHLY recommend that for something as essential as DNS, you should be running it on its own hardware. Considering, as you’ve experienced, that any issues result in a complete loss of normal access to the internet.

You can run pihole on something as small as a Raspberry Pi zero w, then just set it with a static IP and forget about it.

Considering you said you’re currently using WSL I suspect there is an extra layer of networking bullshit that is breaking your routing. If you haven’t already looked at this document, it might have the information you need https://learn.microsoft.com/en-us/windows/wsl/networking#accessing-windows-networking-apps-from-linux-host-ip

But for the sake of stable DNS services you will thank yourself for just getting a dedicated device of any power level to ONLY handle DNS.

I’ve been considering pulling the trigger on a cellular home network as backup. At least in the US you can get cellular home internet service as an add on to your cell phone bill. It would be significantly slower than my primary service, but seems like it would be a reasonable backup to avoid completely losing internet due to maintenance or general bad stability.

I’ve got a few layers of security for my homelab setup that make me feel pretty comfortable against random attacks.

Cloudflare is used to manage my domains and act as an external proxy to obscure my IP address, I’ve only forwarded ports 80 and 443 to Traefik my containerized reverse proxy, Authelia to add 2FA to services that I feel should have extra protection and my homelab nodes are on a separate vlan that is configured to drop all attempts to initiate communication outside of that vlan. I also use the ubiquity intrusion detection and prevention features on my firewall to attempt to stop any know malicious activity.

A majority of these configurations are overkill for a homelab, but were fun to implement. If you use a reverse proxy and keep your software up to date you will likely be fine unless you are specifically targeted by skilled hackers. Any random scans, or shotgun style attacks tend to target unpatched vulnerabilities.