Recently I thought I have been playing around with my homelab a lot but not exposing anything externally out of fear of compromising my personal data (and I intent to continue with this). It was time to change that slowly and responsibly. I also wanted to support decentralized projects and bitcoin was an obvious choice.
The purpose of running this node is ONLY to add a public decentralized verification node. I do not intend to keep any bitcoin address, perform signing transactions or hold any wallet on this node.
Here is my setup:
- My WAN is managed via pfSense router with pfBlockerNg managing a bunch of IP and DNS block lists.
- The only way I have my internal network exposed is via WireGuard tunnel that my personal devices use to connect remotely.
- Within my network, I have network segmentations and have created a DMZ subnet that is not allowed to communicate with any other subnet. Other outbound traffic is allowed.
- I have hosted a Proxmox linux container that is running bitcoin full node. This container is put on DMZ subnet via VLAN tagging and has a static IP.
- I have added a port forward to 8333 from WAN to this specific container.
- This container has `unattended-upgrade` enabled.
Rest all I have kept as defaults and not set up any fail2ban, ufw, etc on the container running node yet. My reasoning being since this container is accessed only from inside my network and not from WAN.
What do you think about this setup?
[link] [comments]
You can get bonuses upto $100 FREE BONUS when you:
π° Install these recommended apps:
π² SocialGood - 100% Crypto Back on Everyday Shopping
π² xPortal - The DeFi For The Next Billion
π² CryptoTab Browser - Lightweight, fast, and ready to mine!
π° Register on these recommended exchanges:
π‘ Binanceπ‘ Bitfinexπ‘ Bitmartπ‘ Bittrexπ‘ Bitget
π‘ CoinExπ‘ Crypto.comπ‘ Gate.ioπ‘ Huobiπ‘ Kucoin.
Comments