I need some help thinking through the security risks of exposing a VLANed VM to the internet, and some best practices advice

I would like to host a website from my home. I know the first rule of self-hosting is "don't", but I'd like to try.

This will be a dynamic site with very little expected traffic.

I was thinking of running a virtualized pfSense on an R730XD server. pfSense will be responsible for setting up my DMZ VLAN where I will host and expose a VM webserver (probably Ubuntu).

Here's what I was thinking: [image]

Legend:

Purple: R730XD server

Red: pfSense VM

Pink: VLAN - DMZ

Aqua: VLAN - Home Wifi

Green: VLAN - Home Wired

Notes:

  • VM-pfSense will be my nameserver and DHCP server
  • My R730XD will be pulling double duty as my NAS running ZFS with an NFS setup
  • The R730XD "Host" will get its IP from BR2 via DHCP if I can work it, may need static IP here...
  • Other VMs hosted on R730XD will attach to BR2 as well
  • I will be firewalling my R730XD somewhat, and really lock down "Webserver" via IPTables

So questions:

  1. Is this insane?
  2. Are there much better ways to do this or obvious changes you would make?
  3. Assuming "Webserver" is basically hosting a Wiki with ports 22 & 443 exposed, scale of 1-10 how risky is this? 1 being bubble-wrapped child and 10 being FBI raids my home for being hacked and hosting nefarious things.

This question is off-topic because it is not a practical programming problem. Thus, it's not within the scope of questions appropriate for this site, as defined in What topics can I ask about here? Please also see: What types of questions should I avoid asking? You may be able to get help on another Stack Exchange site. However, be sure to read the on-topic page for the site you select prior to posting. – Makyen