Securing my Network

[north15]

Hello,

Now that my FreeNas is up and running, I have been dreaming up all of the things I'd like to do with my server. A couple of those ideas have been to host my own email server and also a basic website. As I have been thinking this through, I am wondering how security would work for a setup capable of serving files to the internet. Not exactly sure what I would need to do on my end as far as getting it all set up, but I would appreciate any advice or articles that would help point me in the right direction.

Thanks in advance,

 

[Yorick]

Reverse proxy is your friend. You can use traefik (jailman helps set that up), caddy (Danb35 wrote instructions for it), or even nginx. Then all you need to do is open 80 and 443 from the outside, the reverse proxy handles the rest.

My personal choice is traefik, but all of these solutions work well.

 

[north15]

Thanks, @Yorick I will start looking into traefik. Appreciate the recommendation. Also, nice build!

 

[Yorick]

I describe using jailman to set up traefik here: https://foundry-vtt-community.github.io/wiki/FreeBSD/. Just ignore the foundry bits :).

This may require revisions, jailman has progressed traefik support since then. That’s on my plate anyway, may take a day or two.

 

[Dan Tudora]

hello
you can keep one eye on TrueNAS 12, yes is in beta, but is most up to date then 11.3 (up to date => more secure)
success

 

[garm]

You will need a firewall a step above your IPS supplied consumer router. PfSense, OPNSense or something else with a stateful firewall. Internet facing servers really should be on their own network so you’ll need a router (and potentially a managed switch) that can do VLAN, you need a public IP from your ISP, and you need a domain so you can generate certificates with let’s encrypt.