altano
Dabbler
- Joined
- Jun 6, 2021
- Messages
- 12
I'm running TrueNAS on a VPS in a datacenter for the purposes of replicating my home NAS to it. The VPS has a static, public IP at the moment. I also have secure, VNC access to the host on a separate NIC.
I don't have access to the infrastructure the VPS is running in other than the access above. I can't run any other machines, I can't stick an rPi into the rack, nothing. How would you go about securing this setup? I know the general advice is "don't expose the Web GUI to the public internet" but how would you do that here?
Run OpenVPN, Wireguard, ZeroTier, etc on the host directly and then tell TrueNAS (somehow?) to not let the WebGUI, SMB shares, or other services bind to the interface exposed to the internet?
My first thought was to install and setup ZeroTier and then set the Web Interface and ssh to only bind on the ZeroTier interface, but it looks like installing ZeroTier in TrueNAS is a disaster and/or not reasonably possible.
Does anyone have any suggestions?
I don't have access to the infrastructure the VPS is running in other than the access above. I can't run any other machines, I can't stick an rPi into the rack, nothing. How would you go about securing this setup? I know the general advice is "don't expose the Web GUI to the public internet" but how would you do that here?
Run OpenVPN, Wireguard, ZeroTier, etc on the host directly and then tell TrueNAS (somehow?) to not let the WebGUI, SMB shares, or other services bind to the interface exposed to the internet?
My first thought was to install and setup ZeroTier and then set the Web Interface and ssh to only bind on the ZeroTier interface, but it looks like installing ZeroTier in TrueNAS is a disaster and/or not reasonably possible.
Does anyone have any suggestions?