This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/TheEclecticScientist on 2026-03-28 22:12:19+00:00.


Hello y’all,

I am trying to learn more about self hosting and internet security, so I’m planning out a project to help me learn it better. I would really appreciate any help.

My primary goal is to safely host several services I’m already running on a LAN on a domain (Jellyfin, Immich) that my non-technology minded family can access. In addition to making this domain secure, I also want this to be FOSS and easy for end users. Because of this I don’t want to use Tailscale, a Cloudflare tunnel (for their terms and conditions), or a VPN login for the end user.

My understanding is that Caddy should be able to handle the port forwarding, the SSL certifications, and some IP geo blocking. I’ve also seen suggestions for using Authentik to do 2FA on the user end, and including something like fail2ban to deal with certain types of attacks. I’m also considering using nginx to learn the concepts better, but for simplicity here I’ll stick to using Caddy.

My secondary goal is to limit and reduce the amount of data that is collected by third parties. I was reading about PiHole with Unbound being used to prevent your ISP and third parties from collecting data on your habits. Honestly I don’t understand all the concepts around the whole setup yet, so I’m not sure how these would interact. So my questions are:

  1. Is there a way in this setup to further strengthen the security of the connection between my network and the external domain? Is there a better way to set this up given my requirements of FOSS, easy on end user, etc? This may also pair with the next question.

  2. Is there something I can add with the Caddy setup to prevent my ISP and third parties from tracking my activity, either in general or to the hosted domain? I can work on installing PiHole with Unbound, but I didn’t know if there was an option that fit better into this setup.

  3. Is there a way to increase security on the domain itself to minimize third parties attempting to break in? I think I read a Reddit comment about making the webpage appear blank to scrapers, but I couldn’t find it again.

  4. Lastly, if something does get through security, is there any way to isolate the location it would have access to to stop it? For instance, could I make it so it could only access a hard drive with my media data that didn’t have privileges to execute programs?

Thank you in advance for any help. I have some experience with self hosted services and the command line but I’m just starting out learning about Internet protocols and security. If you have any suggestions for the order in which to learn concepts I’d love to hear them.