2025-01-26, 04:50 PM
Fail2ban, as you mentioned, is a good start. It can read Nginx logs to look for repeat 4XX codes, which is often an indicator of a web crawler or scan bots.
Another option is to rent a VPS to act as a proxy for all access to your home server, then set up Wireguard to tunnel from the VPS to your home server.
This one is good practice, in general. Disable SSH login for root, set up PKI keys for SSH and disable password logins entirely (keys only). This has the added benefit of making it easier to set up access for, for example, a friend's server. Just give them your public key. No need to exchange passwords.
This one is optional, but is what I do. HTTPS and SSH do not use standard ports, except for hosting Matrix because I use 443. This significantly reduces the number of bots and script kiddies that attempt to poke around since most will not spend the time to ping every port. This has the inconvenience of having to specify ports in the URL but worth it, IMO.
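The "repeat 4XX codes" heuristic the post attributes to Fail2ban, implemented stand-alone as an added example (this is not the poster's code and not Fail2ban itself): it parses Nginx combined-format access log lines and flags any client that produces `maxretry` 4xx responses inside a sliding `findtime`-second window, which is how a Fail2ban jail counts "failures" before banning. The log lines are constructed for the example, and the `maxretry`/`findtime` defaults are assumed values, not anything the post states.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Nginx "combined" log format:
#   ip - user [time] "request" status bytes "referer" "user-agent"
# The equivalent Fail2ban failregex would anchor on <HOST> and a 4\d\d status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" (?P<status>\d{3}) '
)
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample log (not real traffic). 203.0.113.7 probes several
# non-existent paths in a few seconds; 198.51.100.20 is a normal visitor
# with one missing favicon; 192.0.2.9 hits one dead link 20 minutes apart.
SAMPLE_LOG = """\
203.0.113.7 - - [26/Jan/2025:16:50:01 +0000] "GET /.env HTTP/1.1" 404 153 "-" "python-requests/2.31"
198.51.100.20 - - [26/Jan/2025:16:50:02 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"
203.0.113.7 - - [26/Jan/2025:16:50:03 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "python-requests/2.31"
203.0.113.7 - - [26/Jan/2025:16:50:04 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 153 "-" "python-requests/2.31"
198.51.100.20 - - [26/Jan/2025:16:50:05 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [26/Jan/2025:16:50:06 +0000] "GET /admin/ HTTP/1.1" 403 153 "-" "python-requests/2.31"
203.0.113.7 - - [26/Jan/2025:16:50:07 +0000] "GET /.git/config HTTP/1.1" 404 153 "-" "python-requests/2.31"
192.0.2.9 - - [26/Jan/2025:16:00:00 +0000] "GET /old-page HTTP/1.1" 404 153 "-" "curl/8.0"
192.0.2.9 - - [26/Jan/2025:16:20:00 +0000] "GET /old-page HTTP/1.1" 404 153 "-" "curl/8.0"
192.0.2.9 - - [26/Jan/2025:16:40:00 +0000] "GET /old-page HTTP/1.1" 404 153 "-" "curl/8.0"
"""


def parse_line(line):
    """Return (ip, timestamp, status, request) or None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("time"), TIME_FMT)
    return m.group("ip"), ts, int(m.group("status")), m.group("request")


def find_offenders(lines, maxretry=5, findtime=600):
    """Map each offending IP to the timestamp at which it crossed the threshold.

    maxretry/findtime mirror the Fail2ban jail parameters (assumed defaults here):
    an IP is flagged once it has maxretry 4xx responses within any findtime seconds.
    """
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)  # per-IP timestamps of 4xx hits inside the window
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, status, _ = parsed
        if not 400 <= status <= 499 or ip in flagged:
            continue
        q = recent[ip]
        q.append(ts)
        # Drop hits that fell out of the sliding window.
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= maxretry:
            flagged[ip] = ts
    return flagged


if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG.splitlines()).items():
        print(f"would ban {ip} (threshold reached at {when.isoformat()})")
```

With the defaults only the scanner is flagged; 192.0.2.9's three 404s are too spread out to count together. Lowering `maxretry` to 3 with an hour-long `findtime` flags it as well, which is the trade-off to keep in mind: an aggressive 4xx jail also bans ordinary visitors who follow a few stale links.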