How-To-Secure-A-Linux-Server
ufw-docker
How-To-Secure-A-Linux-Server | ufw-docker | |
---|---|---|
48 | 65 | |
16,718 | 3,774 | |
- | - | |
4.5 | 0.0 | |
20 days ago | about 1 year ago | |
Shell | ||
Creative Commons Attribution Share Alike 4.0 | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
How-To-Secure-A-Linux-Server
- An evolving how-to guide for securing a Linux server
- How to Secure a Linux Server
-
Should I set up my own server?
- own server costs about $5/month. I recommend using docker to deploy hbbr and hbbs. Back up the key in case you need to re-deploy. You do need to secure your Linux server, and this community-driven Github guide has some good tips to get started.
- How-To-Secure-A-Linux-Server: An evolving how-to guide for securing a Linux server.
-
Automating the security hardening of a Linux server
I have been using the How To Secure A Linux Server guide for quite a while and wanted to learn Ansible, so I created two playbooks to automate most of the guides content. The playbooks are still a work in progress.
-
Connecting to docker containers rarely work, including via Caddy (non docker) reverse proxy
If it works, I will then follow the hardening guide I did before (https://github.com/imthenachoman/How-To-Secure-A-Linux-Server) and test after every step
-
Resources to learn backend security from scratch
Maybe these two repos can help you, I've used them both from time to time to look up stuff I have no idea about as a frontend main: https://github.com/imthenachoman/How-To-Secure-A-Linux-Server https://github.com/decalage2/awesome-security-hardening
- Time to start security hardening - been lucky for too long
-
Ask HN: How can a total beginner start with self-hosting
> In short it’s all about control, privacy, and security, in that order.
I am going to strongly urge you to consider changing that order and move *security* to the first priority. I have long run my own servers, it is much easier to setup a server with strong security foundation, than to clean up afterwards.
As a beginner, you should stick to a well known and documented Linux server distribution such as Ubuntu Server LTS or Fedora. Only install the programs you need. Do not install a windowing system on it. Do everything for the server from the command line.
Here are a few blog posts I have bookmarked over the years that I think are geared to beginners:
"My First 5 Minutes On A Server; Or, Essential Security for Linux Servers": An quick walk through of how to do basic server security manually [1]. There was a good Hacker News discussion about this article, most of the response suggests using tools to automate these types of security tasks [2], however the short tutorial will teach you a great deal, and automation mostly only makes sense when you are deploying a number of similar servers. I definitely take a more manual hands-on approach to managing my personal servers compared to the ones I professionally deploy.
"How To Secure A Linux Server": An evolving how-to guide for securing a Linux server that, hopefully, also teaches you a little about security and why it matters. [3]
Both Linode[4] and Digital Ocean[5] have created good sets of Tutorials and documentation that are generally trustworthy and kept up-to-date
Good luck and have fun
[1]: https://sollove.com/2013/03/03/my-first-5-minutes-on-a-serve...
[2]: https://news.ycombinator.com/item?id=5316093
[3]: https://github.com/imthenachoman/How-To-Secure-A-Linux-Serve...
[4]: https://www.linode.com/docs/guides/
[5]: https://www.digitalocean.com/community/tutorials
-
Selfhosting Security for Cloud Providers like Hetzner
I suggest these resources: - Some fundamentals: https://www.cyberciti.biz/tips/linux-security.html - One of the best imho ( exhaustive list ): https://github.com/imthenachoman/How-To-Secure-A-Linux-Server - Ansible playbook to harden security by Jeff Geerling: https://github.com/geerlingguy/ansible-role-security - OAWSP Check list ( targeted for web apps... and honestly a bit overkill ): https://github.com/0xRadi/OWASP-Web-Checklist
ufw-docker
-
Swag reverse proxy, fail2ban not working
I am running ubuntu server 22.04 LTS and have fail2ban running on the host. This works great, no issues and IPs get banned for the rules I have in place. I am using UFW and have updated my after.rules for docker based on the recommendations here.
-
How to close Docker ports
I use this without problems for Long time, https://github.com/chaifeng/ufw-docker
-
Docker Overrules UFW
[2016]
A solution is known and formed detailed here: https://github.com/chaifeng/ufw-docker
- DHCP is not blocked by ufw/iptables
-
Docker networking seems to have completely broken, can't really explain it all in the title.
In any case, maybe try to compare the blocked port ranges with the ports you are using. Did you see this https://github.com/chaifeng/ufw-docker
-
Ongoing attacks on Synology NAS: how to protect your NAS
https://github.com/chaifeng/ufw-docker For example.
-
Security on ubuntu
ufw is nice, when you are on public networks. And very nice if you are playing with SSH-Server, Docker,.. on your notebook. Couse you write coding, I want to add this, if you use docker.
-
Securing a VPS running docker
You can use use this for a more manual approach: https://github.com/chaifeng/ufw-docker
-
Gluetun/QBitTorrent Web UI issues
Sorry that's about the extent of my docker network knowledge. One other thing you can check though - are you running ufw on the host? If so you can try updating the config with ufw-docker.
-
What OS for NUC with Plex, Arrs, Home Assistant & Frigate
Hi! I'm also new to the homelab category, but I have a bit of experience. I'm currently running Ubuntu 22.04, and the only problem what I had is docker containers not working with ufw. (Fix can be found here: https://github.com/chaifeng/ufw-docker) I've been running my stuff in Docker containers, and it worked pretty well for me. So if you are also new to this, I'd definetly recommend Ubuntu for its simplicity. (Also tons of already great tutorials on how to do literally anything)
What are some alternatives?
authelia - The Single Sign-On Multi-Factor portal for web apps
Nginx Proxy Manager - Docker container for managing Nginx proxy hosts with a simple, powerful interface
Gitea - Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD
podman - Podman: A tool for managing OCI containers and pods.
docker-socket-proxy - Proxy over your Docker socket to restrict which requests it accepts
ansible-role-firewall - Ansible Role - iptables Firewall configuration.
PowerDNS - PowerDNS Authoritative, PowerDNS Recursor, dnsdist
csf-post-docker - CSF with support for Docker
debian-cis - PCI-DSS compliant Debian 10/11/12 hardening
firehol - A firewall for humans...
lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
tailscale - The easiest, most secure way to use WireGuard and 2FA.