VPN vs. Authentication: Securing Your Self-Hosted Services

I recently started self-hosting services at home, like a personal cloud and media server. Getting them online raised a big question: how to keep them secure? Two main options came to mind: VPN and authentication.

The VPN Approach: A Simple Fortress

My first thought? Why mess with complex user setups for each service when I could just use a VPN like WireGuard? I locked down my server, allowing only WireGuard and SSH access. My services live on a private network behind Nginx. Since WireGuard encrypts all traffic inside the tunnel, even plain HTTP to the services is fine.

This is what I chose. It’s simple and secure. The only catch? Adding a new device means setting up WireGuard on it. Sharing access is tricky; it’s not ideal for one-time use.
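One way to check that a server really matches the lock-down described above is to audit its listening sockets. The script below is an added example, not part of the original post: it parses `ss -tuln` output and flags any listener that is neither bound to loopback or the tunnel subnet nor on the WireGuard/SSH allow-list. The port numbers, the tunnel subnet 10.8.0.0/24 and the sample output are assumptions made for illustration.

```python
import ipaddress

# Assumed values for this sketch (not from the post): WireGuard on UDP 51820,
# SSH on TCP 22, tunnel subnet 10.8.0.0/24.
ALLOWED_PUBLIC = {("udp", 51820), ("tcp", 22)}
TUNNEL_NET = ipaddress.ip_network("10.8.0.0/24")

# Constructed sample of `ss -tuln` output, not captured from a real host.
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:51820      0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128    [::]:22            [::]:*
tcp   LISTEN 0      511    10.8.0.1:80        0.0.0.0:*
tcp   LISTEN 0      4096   127.0.0.1:8096     0.0.0.0:*
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
tcp   LISTEN 0      4096   *:9000             *:*
tcp   LISTEN 0      511    0.0.0.0:8080       0.0.0.0:*
"""

def split_local(field):
    """Split an ss 'Local Address:Port' field into (address, port)."""
    addr, _, port = field.rpartition(":")
    addr = addr.split("%")[0].strip("[]")  # drop %iface scope and IPv6 brackets
    return addr, int(port)

def is_private_bind(addr):
    """True when the socket is reachable only via loopback or the tunnel."""
    if addr == "*":  # wildcard: every address, IPv4 and IPv6
        return False
    ip = ipaddress.ip_address(addr)
    return ip.is_loopback or ip in TUNNEL_NET

def exposed_listeners(ss_output):
    """Return (proto, addr, port) for listeners outside the allow-list."""
    findings = []
    for line in ss_output.strip().splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] not in ("tcp", "udp"):
            continue  # header row or another socket family
        addr, port = split_local(cols[4])
        if is_private_bind(addr) or (cols[0], port) in ALLOWED_PUBLIC:
            continue
        findings.append((cols[0], addr, port))
    return findings

if __name__ == "__main__":
    for proto, addr, port in exposed_listeners(SAMPLE):
        print(f"unexpected listener: {proto} {addr}:{port}")
```

A flagged listener may still be blocked by the firewall, but it depends on the firewall rules alone; binding the service to the tunnel or loopback address removes that single point of failure.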

Authentication: The Standard Solution

The second option, setting up an authentication system like Authentik or Authelia, is more common. You see it everywhere online. But it felt like overkill for just me (or even a small family). Do I really need all that for personal use?

The upside is access from anywhere with a password and 2FA. Simple enough.

The Dilemma: Simplicity vs. Flexibility

So, which is better? It depends. The VPN approach is like a fortress – secure, but with a single drawbridge. Authentication is more like a well-guarded city – multiple entry points with checks in place.

A VPN is great for solo users prioritizing maximum security and minimal setup. If you rarely access your services from new devices, this might be your best bet. But if you want easy access from anywhere, on any device, and need to share access occasionally, authentication might be less of a hassle in the long run.

What About You?

I’m curious, what are you using to secure your self-hosted services? Did I miss any other options? Share your thoughts!
