Back to Blog

Homelab Security Hardening: Complete Checklist 2025

Secure your homelab with this comprehensive security checklist. From SSH hardening to Docker security, protect your self-hosted infrastructure from attacks.

Posted by

Homelab security hardening

Security is Not Optional

Your homelab contains personal data, family photos, financial documents. A compromised homelab is a nightmare. This checklist will help you secure every layer of your self-hosted infrastructure.

SSH Hardening

# /etc/ssh/sshd_config
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
MaxAuthTries 3
ClientAliveInterval 300
ClientAliveCountMax 2
AllowUsers your_username

# Restart SSH
sudo systemctl restart sshd

Firewall Configuration

# UFW Basic Setup
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable

# Check status
sudo ufw status verbose

Docker Security Best Practices

  • Never run containers as root unless necessary
  • Use read-only file systems where possible
  • Limit container capabilities
  • Use Docker secrets for sensitive data
  • Keep images updated regularly
# Secure container example
services:
  app:
    image: myapp:latest
    user: "1000:1000"
    read_only: true
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL

Security Checklist

  • SSH key-only authentication enabled
  • Fail2ban installed and configured
  • Firewall enabled with minimal open ports
  • Automatic security updates enabled
  • No default passwords anywhere
  • VPN for remote access instead of port forwarding
  • Regular backups tested and verified
  • HTTPS everywhere with valid certificates

Continue Reading