Inspired by this comment to try to learn what I’m missing.

  • Cloudflare proxy
  • Reverse Proxy
  • Fail2ban
  • Docker containers on their own networks

Another concern I have is does it need to be on a separate machine on a vlan from the rest of the network or is that too much?

    • InvertedParallax@lemm.eeEnglish
      81·
      1 day ago

      There are ip lists that let you iptables drop all traffic from China and Russia.

      Strongly recommend.

      • ocean@lemmy.selfhostcat.comOPEnglish
        62·
        1 day ago

        I was auto banning all countries but my own but now I’m hosting one resource that has an audience including Chinese…

        Good advice outside of this use case! :)

        • InvertedParallax@lemm.eeEnglish
          31·
          24 hours ago

          Yeah, there were other countries to ban, but those 2 cut my attacks down 90%.

          Also consider a honeypot that triggers when anyone tries to ssh it at all.