2023-08-18, 10:45 PM
(This post was last modified: 2023-08-18, 10:47 PM by TheDreadPirate. Edited 1 time in total.)
With Let's Encrypt and certbot, the fact that you are using DDNS is completely transparent. The process is exactly the same for the certificate request process. Certbot manages both of my certs, and both certs use my NoIP DDNS addresses.
As for security concerns: if you use non-standard ports you significantly reduce the chance of someone attempting to break in. Most cyber-actors/script kiddies are scanning common ports to run their cookie-cutter attacks against. Ports 80, 443, 22, 25, 3389, etc. If you run your services on ephemeral ports (49152-65535) you are unlikely to be noticed. If you keep your software up to date, cookie-cutter exploit scripts will be ineffective. And, let's be real, none of us are worth someone going out of their way to scan every port. We are not worth someone using their secret zero-day exploit against.
If I'm a hacker of a high enough caliber that I discovered a zero-day vulnerability and developed the capability to exploit it, I'm using that against some massive multi-national company, defense contractor, government, or intelligence agency. If I'm a bottom-of-the-barrel script kiddie, I'm going after easy targets and letting this random script I found on a hacker forum do all the work.
And if you set up your nginx container properly, it kind of is separate from your other containers and devices. Even on an entirely bare-metal setup like mine, as long as you properly use groups and permissions you are requiring this hypothetical hacker to have additional exploits to break out to system-wide access.
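One way to wire the pieces described above together, as an added example and not configuration from the post: an nginx server block that listens on an ephemeral port and serves a certbot-issued certificate for a DDNS hostname, while refusing TLS handshakes for any other name. The hostname `your-host.example.net`, port 49443 and the upstream container name `app` are assumptions.

```nginx
# Added example, not from the post. Assumed values: hostname
# your-host.example.net, listen port 49443, upstream container "app:8080".

# Catch-all: any client that does not send the expected SNI name gets its
# TLS handshake rejected instead of a certificate and a default page.
server {
    listen 49443 ssl default_server;
    ssl_reject_handshake on;   # nginx >= 1.19.4
}

server {
    listen 49443 ssl;
    http2 on;                  # nginx >= 1.25.1; older: "listen 49443 ssl http2;"
    server_name your-host.example.net;

    # Default paths certbot writes; renewal replaces the files in place,
    # so a reload after renewal is all nginx needs.
    ssl_certificate     /etc/letsencrypt/live/your-host.example.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/your-host.example.net/privkey.pem;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;

    # Forward to the application container on the internal Docker network;
    # the app itself never needs a published host port.
    location / {
        proxy_pass http://app:8080;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Note that certbot's HTTP-01 challenge still needs port 80 reachable at issuance and renewal time, so either leave 80 open only for the ACME challenge or use a DNS-01 plugin for your DDNS provider.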