Replying to ChipTuner

Yessir, from my main WAN traffic.

I've been hosting stuff (like my website) publicly since 2010, and maybe 1 or 2 times have I had any actually major DoS issues. This is far from major; I have many resource exhaustion protections in place.

Also, I do not recommend pointing DNS directly to your home public IP. I pay for a public VPS and use nginx stream proxying to tunnel IP traffic back home. 1 for a layer of privacy, 2 for isolation, 3 so I don't have to terminate SSL until it hits my network, so my certs are only stored locally. Also, in the case of DoS events I can just log into the VPS to disable routing, and I get my internet back. If I ever lose my VPS I can possibly purchase from another company and copy/paste my nginx config and be back up hopefully within a few hours if I need it.

Daniel Wigton 1y ago

Yeah, this is what I was thinking of doing. Probably with WireGuard. I haven't ever used nginx though. How much VPS do you need to route a gigabit? Do you do filtering at your VPS? Packet inspection?

ChipTuner 1y ago

Nginx is a fantastic tool! I have 2TB/month of traffic for my VPS and I don't come anywhere near hitting that. No, my VPS is a dumb TCP forwarder; that's all it does. I just have some IP-based limits, that's all.
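
The setup described in this thread (a VPS that only forwards TCP, with TLS terminated at home and per-IP limits on the VPS) could look like the following nginx stream configuration. This is an added example, not ChipTuner's actual config; the file path, the upstream address `10.8.0.2`, the zone name and every limit value are assumptions chosen for illustration.

```nginx
# Added example: /etc/nginx/nginx.conf on the VPS (path assumed).
# Some distro packages ship stream as a dynamic module that must be
# loaded with load_module first; check how your nginx build provides it.
events {}

# "stream" sits at the top level of nginx.conf, beside any http block.
stream {
    # Shared-memory zone counting concurrent connections per client address.
    limit_conn_zone $binary_remote_addr zone=per_ip:10m;

    # Connection-level log: the only visibility a plain TCP forwarder has.
    log_format basic '$remote_addr [$time_local] $protocol $status '
                     '$bytes_sent $bytes_received $session_time';
    access_log /var/log/nginx/stream.log basic;

    upstream home {
        # Placeholder: the home server as reachable from the VPS
        # (for example over a tunnel). Replace with your own address.
        server 10.8.0.2:443;
    }

    server {
        listen 443;

        # Raw TCP passthrough. There are no ssl_* directives here, so the
        # VPS never holds a certificate or private key; TLS ends at home.
        proxy_pass home;

        # IP-based limits (values assumed): cap concurrent connections
        # per source address and log refusals at warn level.
        limit_conn per_ip 20;
        limit_conn_log_level warn;

        # Give up quickly when home is unreachable, and drop idle sessions.
        proxy_connect_timeout 5s;
        proxy_timeout 10m;
    }
}
```

With this layout the home server sees every connection as coming from the VPS, so per-client limits and source-address logging only work on the VPS side. Commenting out the `server` block and reloading nginx stops forwarding during a DoS event.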
