I’ve been running some of my services so that they are accessible from the outside world. Some of this has been for fun (like my calibre setup) and some because I want to keep control of my own data. I’ve self-hosted a quite a few services on my NUC now, including things like Plex and tinytinyrss. Many of them have been exposed to the internet as subdomain, so that I could use them both from within my own network and when I’m out and about.
I came across a blog post online about how to make an nginx-based reverse proxy more secure and I went about implementing it immediately. It took me all of 30 minutes to follow the steps and get an A grade from SSL Labs! It’s still going to take more to convince me that this will deter all but the most determined hackers, but it allows me to access my services when I’m not at home.
The NUC that I bought a while back has mainly just been used to run a Plex server. Lately I’ve been playing with setting different things up on my Raspberry Pis, including my own internal DNS. Then I was talking to a colleague of mine about my Munin setup and I really wanted to show him what I’m doing. So, perhaps a little radically, I devided to open up access to the outside world
I’ve been meaning to do this for ages now and today I found the time to do it right. I installed dnsmasq on a spare Raspberry Pi to do three things: Provide nice name resolution on my servers (i.e. *foo*.peterkuehne.com) Log all DNS queries (for stats, etc, not for actual monitoring) Cache DNS lookups and make browsing a few milliseconds faster As far as I can see right now, this all works great.