I run a load of containers on a NAS, and reverse proxy them through synology’s inbuilt reverse proxy settings.

Essentially, I’d like to harden my security, and not really sure how best to do it.

Seeing people recommend nginx proxy manager, I’ve tried to set this up but never managed to get the certificates to work from letsencrypt (“internal server error” when trying to get one). When I finally got it working a while ago (I think I imported a cert), any proxy I tried to setup just sent me to the Synology login page.

I’ve tried to setup the VPN that comes with Synology (DSM 7+), but I must have set it up using the local IP address. It only works when I’m on my LAN, and not from an external network. Which is kind of the point, lol. I would like to use VPN to access the home network when out and about.

I’ve set random, long, unique passwords for everything I want to access, but I am guessing this is not the most secure, after seeing so many people use and recommend vpns.

I have tailscale, which is great for ssh-ing onto my Nas from the outside world. But to access my services, is a VPN the best way to do it? And can it be done entirely myself, or does it require paying for a service?

I’ve looked at authentic - pretty confusing at the outset, and Isee few evenings of reading guides ahead of me before I get that working. Is that worth setting up?

Does anyone have any advice/guides/resources that might help?

  • thelittleblackbird@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    arrow-down
    2
    ·
    11 months ago

    From your text I understand you are not a really tech savvy person and yiu are really struggling with all the service and configuration involved.

    If you want a simple tip, stick to tailscale, it is a vpn and will protect all your services because you will not have access from internet. It is pretty safe and the configuration is trivial.

    The obvious drawback is that you won’t have internet access without installing the vpn, which depending the use case can be a deal breaker.

    Honestly, a proper configured nginx with certificates and strong password are reasonable secure when there is not any misconfiguration. But if you are in doubt stick to tailscale.

    Good luck :)

    • TsubodaiOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      11 months ago

      I’m… a little offended by that! 🤣

      • daed@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        11 months ago

        Lmao I would be too! You’re self hosting services behind a reverse proxy and familiar enough with docker to set that up, but you’re clearly not a very tech savvy person…! Haha. There’s levels to everything, I guess. Weird gatekeep though, perhaps lost in translation

      • thelittleblackbird@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        11 months ago

        Oooops, that was not certainly the intention.

        Clearly I need to work in my communication skills. My apologies if I really upset you