Hello most excellent Selfhosted community,
I'm very new to this and am confused about how vulnerable my server and/or home network is with my current setup.
I just got a basic server up and running on a machine with Proxmox and a DAS for 10 TB of storage. I've got two LXCs running for a Docker-deployed arr stack and a Jellyfin+Jellyseerr stack. The Proxmox server is connected to a router attached to a fiber ONT. Everything is accessed over the home LAN network and that's it.
Everything is working correctly and my containers are all talking to each other correctly via IP addresses (gluetun network on the arr stack container). I've been reading up on reverse proxies and Tailscale to connect to the server from outside my LAN network, and it's mostly gone over my head, but it did make me concerned about my network security.
Is my current setup secure, assuming strong passwords were used for everything? I think it is for my current uses - but I could use a sanity check, I'm tired. I'm open to any suggestions or advice.
I own a domain that I don't use for anything, so it would be cool to get a reverse proxy working, but my attempts so far have failed and I learned I'm behind a double NAT (ONT and router) - and attempts to bypass that by setting the ONT into bridge mode have also failed. I don't really need to access anything from outside my home network right now - but I would like to in the future.
I've been documenting my homelab experiments, setups, configurations, how-tos, etc. in both Trilium and Silverbullet. I use Silverbullet more as a wiki and Trilium for journal-style notes. I just got into self-hosting earlier this year, so I'm by no means an expert or authority on any of this.
So my Silverbullet setup contains most of my documentation on how to get things set up. I have sections for specific components of the homelab (Proxmox general setup, general networking, specific how-tos for getting various VMs and LXCs set up for specific applications, specific how-tos on getting Docker stacks up and running, etc.)
I didn't document shit the first two times I set up and restarted my entire homelab, but by the third time I learned. And from there I basically just wrote down what I did to get things running properly, and then reviewed the notes afterward to make sure I understood what I wrote. This is never a perfect process, so in the following attempts of resetting my server, I've updated sections or made things more clear so that when I'm coming at this 8 months later I can follow my guide fully and be up and running.
Some of my notes are just copy-pasted directly from tutorials I originally followed to get things set up. This way I just have an easily accessible local copy.
When I troubleshoot something, I document the steps I take in Trilium using the journal feature, so I can easily track the times and dates of when I did what. This has helped me out immensely because I forget what the fuck I did the week before all the time.
I learned all this through trial and error. You'll figure out what needs to be documented as you go along, so don't get too caught up trying to make sure you have a perfect documentation plan in place before deploying anything.
I'm one of those people who never really took notes on things or wrote shit down for most of my life. Mostly because I've been doing shit that doesn't require extensive documentation, so it was a big learning curve.
Edit: Forgot to mention that I also have a physical paper journal that I've scrawled various notes in. I found it easier to take quick notes on paper while I'm in the middle of working on something, then I transcribe those notes digitally in either Silverbullet or Trilium.