I've been doing it for about 13 years now with HTTP/s (80, 443), SSH (22), MOSH (lol idk), and IRC (6697) exposed to the internet. You don't need it, but something like fail2ban or crowdsec is a good idea. You will get spammed with attempts to break in using default passwords for commodity routers (Ubiquiti's `ubnt` is rather popular), but if you're up to date and take a few minor precautions it's not all that hard and/or dangerous. That being said, there are alternatives such as Tailscale that are strictly more secure but far less flexible. I've heard of people using Cloudflare tunnels as well, but I'd rather not rely on big players for stuff like that if I'm going through the effort to self host (and don't have any real risk of DDoS).
I would try to set up automatic updates for critical security patches or update about weekly. I know people that self host and do it monthly and they seem fine too. Most anything super scary vulnerability-wise is on the front page here for a while, so if you read regularly you'll probably see when a quick update is prudent. I personally use NixOS for all of my servers and have auto-updates configured to run daily.
An old laptop is exactly how I got started 13 years ago; they're great because they tend to be pretty power efficient and quiet too.
My stuff is always out of date and hasn't gotten hacked yet.
I don't see why you'd want to run ssh on port 22. I run it on a different port and never get login attempts. Yes, if someone targeted me specifically of course they'd find out, but I guess that hasn't happened yet.
> I don't see why you'd want to run ssh on port 22.
I run ssh on port 22 because I like wasting the time of those script kiddies. Also I like to brag about half a million "hacker attacks" on my server per month.
Which cases? Tailscale has eliminated all the fears I had about self hosting and I've been using it a ton. The only issue I've run into has been a single service (Withings) that uses a web hook to trigger updates for my sleep mat. Their server isn't on my tablet so I would need to expose at least one service to the wider Internet.
I'm talking specifically about Tailscale Funnel which gives ingress access to services on the tailnet from outside (i.e. on the general internet). Any case that doesn't use TLS for a transport won't work. SSH being a notable one, but I can think of several others.
How does Tailscale help with securely self-hosting from home? I have it set up to interface securely with my PCs across networks (like at my in-laws'), but not sure how it helps if I were to expose something to the world.
On top of this, having IPv6 configured makes things harder to discover but not impossible (as long as you don't use ${ipv6_subnet}::xxxx for your hosts). You can avoid NAT and just expose the nodes you need. Most ISPs assign /56 or /64 which is a humongous amount of IPs. It's nice if you are just using a flat virtual network in your home lab. The number of scanners I see for my subnet is nonexistent at the moment.