Saltar al contenido
SeguridadIntermedio

Lista de seguridad para servidores domésticos

Una lista práctica para proteger tu servidor doméstico: SSH, firewall, actualizaciones, copias de seguridad y acceso remoto seguro.

por HomeServersGuide Team1 min de lectura

Security doesn't have to be complicated. Work through this checklist and you'll avoid the mistakes that get home servers compromised.

1. Lock down SSH

  • Disable password login and use SSH keys only.
  • Change the default port to reduce automated noise.
  • Consider fail2ban to block brute-force attempts.
# /etc/ssh/sshd_config
PasswordAuthentication no
PermitRootLogin no

2. Keep everything updated

Unpatched software is the number-one risk. Enable automatic security updates and update your Docker images regularly.

sudo apt install unattended-upgrades
sudo dpkg-reconfigure --priority=low unattended-upgrades

3. Use a firewall

Allow only the ports you actually need. On Ubuntu, ufw makes this simple:

sudo ufw default deny incoming
sudo ufw allow ssh
sudo ufw enable

4. Don't port-forward carelessly

Exposing services directly to the internet is the most common way home servers get hacked. Prefer a VPN like WireGuard or Tailscale. If you must expose something, put it behind a reverse proxy with HTTPS and authentication.

5. Back up — and test restores

Security includes recovering from ransomware or mistakes. Follow the 3-2-1 rule: three copies, two media, one offsite. An untested backup is not a backup.

6. Principle of least privilege

  • Run containers as non-root where possible.
  • Give each service only the access it needs.
  • Store secrets in environment variables or a secrets manager, never in your repo.

Quick audit

  • SSH keys only, root login disabled
  • Automatic updates enabled
  • Firewall configured
  • No unnecessary ports forwarded
  • Backups running and tested
  • Reverse proxy with TLS for anything exposed

Tick these boxes and your home server will be safer than the vast majority out there.

Artículos relacionados

RedesPrincipiante

Cómo instalar Pi-hole

Bloquea anuncios y rastreadores en toda tu red instalando Pi-hole en tu servidor doméstico paso a paso.

1 min de lectura
RedesIntermedio

Guía de redes para servidores domésticos

Proxies inversos, DNS, VLAN y acceso remoto seguro: da a tus servicios nombres limpios y accesibles.

1 min de lectura
Primeros pasosPrincipiante

¿Qué es un servidor doméstico? Una introducción sencilla

Una explicación para principiantes de qué es un servidor doméstico, para qué sirve y cómo decidir si deberías montar uno.

2 min de lectura