I recently figured out reverse proxies and I have several apps that I want to expose for ease of use for family members. I have found authelia and thought I could set that up as an extra protection against suspicions activity but after thinking about it a bit more I realized that the apps I want to expose already have user accounts and passwords so it would make things a bit more annoying when logging in. plus would authelia even work if the user is using a phone app instead of the web browser?

What are your ways of keeping your servers safe from suspicious activity or even monitoring them for suspicious activity ?

Before this post gets blasted with “just use a VPN” Yes I already have wireguard up and running but trying to get family members setup with a vpn that are technology illiterate is a nightmare

  • John_Mason@alien.topBEnglish
    1·
    10 months ago

    You can either support it on the front end with a proper VPN like Wireguard, or support it on the back end with IDS, honeypots, advanced threat management, constant monitoring, mitigation, patch management, backup and restores, isolation, etc.

    Isn’t there a middle ground with something like Cloudflare Tunnels or Tailscale Funnel? Those still expose your services to the internet outside of a VPN, but they require a lot less maintenance than you described.