I have an extensive home lab on my home network that hosts many services (think Jellyfin, Matrix, etc.) that I'd like to expose to the Internet. I have, however, never done network security, and it's hard to find answers without fear-mongering about opening ports on your home router. I am searching for the best way to secure my home network when I open my services. Accessing my services via a VPN is not an option.
Here is a schema of my network:
INTERNET => ISP router with ports 80 and 443 forwarded to => MikroTik router with ports 80 and 443 forwarded to => Raspberry Pi 4 running Caddy as a reverse proxy for => Ubuntu server machine that runs every service
Note: the ISP router is unfortunately necessary and cannot be discarded. It exists only because my ISP demands it, and the MikroTik router is the main router for my network.
In this setup, what should be my priority for hardening? Is a strong firewall on the Ubuntu server really necessary? Should I focus on the Raspberry Pi 4, the routers?