KISS ! That’s the way I’m doing it. Although it kinda gets more difficult to keep track of every docker image update after you have a dozen containers.
Thinking of something that could keep track and give me a nice notification about the changes and give a link to the github page before updating the container.
You’re right, but only if you are an experienced IT guy in enteprise environnement. Most users (myself included) on Lemmy do not have the necessary skills/hardware to properly configure and protect their networking system, thats way I consider something like wireguard way more secure than opening an SSH port.
Sure SSH key based configuration is also doing a great job but there is way more error prone configuration with an SSH connection than a wireguard tunnel.
Opening ports on your router is never safe ! There’re alot of bots trying to bruteforce opening ports on the web (specially ssh port 22)
With SSH I would disable the password authentication a only used key based authentication. Also disable root access. (Don’t know how it works with forgero though)
I would recommend something like wireguard, you still need to open a port on your router, but as long as they don’t have your private key, they can’t bruteforce it. (You can even share the wireguard tunnel with your friend :))
Also use a reverse proxy with your docker containers.
There are a lot of things you could do to secure everything, but If you relatively new to selfhosting, there’s a steep learning curve and a lot of time needed to properly secure everthing up. You could be safe by doing nothing for a few months but as soon as someone got into your system, you’re fucked !
But don’t discourage yourself, selfhosting is fun !
Thanks :)) I did tried it out a few month ago. It works as expected, but I was looking for something with a nice webUI wich pulls the whole changelog before updating a container.
An AIO web interface that give all the changes and expected bugs or issues. I know there isn’t something like that… That’s why I just look out for github notifications with an RSS feed and read through all the changes/issues before doing any updates.