I’m in the process of setting up homelab stuff and i’ve been doing some reading. It seems the consensus is to put everything behind a reverse proxy and use a vpn or cloudflare tunnel.
I plan to use a VPN for accessing my internal network from outside and to protect less battle tested foss software. But I feel like if I cant open a port to the internet to host a webserver then the internet is no longer a free place and we’re cooked.
So my question is, Can I expose webserver, SSH, WireGuard to the internet with reasonable safety? What precautions and common mistakes do I need to watchout for.
Can someone clarify this for me: is the below true?
Even if a port is exposed on a regular residential network (no public IP address), due to NAT, nothing will be able to reach that port unless the application running on that port is trying to reach outside at the same time (for the purpose of NAT traversal)?