Hello. I’m pretty new here. I just managed to get my Raspberry Pi setup at home to selfhost a simple website that will act as my portfolio for some art I do.
I’m using WordPress to make the content of the website, meaning it runs on Apache, MariaDB and MySQL in the background. It’s connected via port 80 since I don’t want to pay for SSL certificates to setup https. There will be no accounts or transactions happening on my website. I don’t have anything to manage my dynamic IP but I’ll figure that out later. I’ve deleted the default Pi user on the RPi.
Are there security issues I should address preemptively? I’m worried for instance that I am exposing my home network, making it easier for someone to breach into whatever is connected there.
Any tips on making sure my setup is secure?
Alright everyone, thank you so much for your thoughtful recommendations! To sum it up, here’s what I have done:
I think I should be all set, shouldn’t I?
You may want to consider dockerizing your services just for maintainability and isolation from your host. I recommend something like Nginx Proxy Manager to serve as the “main entrance” for your docker network and to handle Let’s Encrypt for you.