This is stuff you host from home?
I am getting fiber tomorrow and trying to figure out the pitfalls of self hosting any thing. I am guessing if I make any DNS records that point to my home IP I am going to get hammered.
Discussion
Yessir from my main wan traffic.
I've been hosting stuff (like my website) publicly since 2010, and maybe 1 or 2 times have I had any actually major DOS issues. This is far from major, I have many resource exhaustion protections in place.
Also, I do not recommend pointing DNS directly to your home public IP. I pay for a public VPS and use nginx stream proxying to tunnel IP traffic back home. 1 for a layer of privacy, 2 for isolation, 3 so I don't have to terminate SSL until it hits my network, so my certs are only stored locally. Also in the case of DOS events I can just log into the VPS to disable routing, and I get my internet back. If I ever lose my VPS I can possibly purchase from another company and copy/paste my nginx config and be back up hopefully within a few hours if I need it.
i use wireguard tunnels and my own bespoke reverse proxy... and it lets me test my stuff live on the internet from my dev box
Yeah, this is what I was thinking of doing. Probably with wire guard. I haven't ever used nginx though. How much vps do you need to route a gigabit? Do you do filtering at your vps? Packet inspection?
Nginx is a fantastic tool! I have 2TB/month of traffic for my VPS and I don't come anywhere near hitting that. No, my VPS is a dumb TCP forwarder that's all it does. I just have some IP based limits, that's all.