I’ve been running my server without a firewall for quite some time now, I have a piped instance and snikket running on it. I’ve been meaning to get UFW on it but I’ve been too lazy to do so. Is it a necessary thing that I need to have or it’s a huge security vulnerability? I can only SSH my server from only my local network and must use a VPN if I wanna SSH in outside so I’d say my server’s pretty secure but not the furthest I could take it. Opinions please?
Sounds like you could use a reverse proxy.
That doesn’t count as a firewall though no? I use traefik as my reverse proxy (and like one thing on nginx that also goes through traefik ultimately) but I still put crowdsec on top
No, but putting a bunch of those services behind a reverse proxy would lower the amount of open ports. It would also have the side effect of making firewall configuration easier, since you don’t need rules for all those ports anymore.
True, I love not having to open ports anymore, game changing.