Lista de seguridad para servidores domésticos
Una lista práctica para proteger tu servidor doméstico: SSH, firewall, actualizaciones, copias de seguridad y acceso remoto seguro.
Security doesn't have to be complicated. Work through this checklist and you'll avoid the mistakes that get home servers compromised.
1. Lock down SSH
- Disable password login and use SSH keys only.
- Change the default port to reduce automated noise.
- Consider fail2ban to block brute-force attempts.
# /etc/ssh/sshd_config
PasswordAuthentication no
PermitRootLogin no2. Keep everything updated
Unpatched software is the number-one risk. Enable automatic security updates and update your Docker images regularly.
sudo apt install unattended-upgrades
sudo dpkg-reconfigure --priority=low unattended-upgrades3. Use a firewall
Allow only the ports you actually need. On Ubuntu, ufw makes this simple:
sudo ufw default deny incoming
sudo ufw allow ssh
sudo ufw enable4. Don't port-forward carelessly
Exposing services directly to the internet is the most common way home servers get hacked. Prefer a VPN like WireGuard or Tailscale. If you must expose something, put it behind a reverse proxy with HTTPS and authentication.
5. Back up — and test restores
Security includes recovering from ransomware or mistakes. Follow the 3-2-1 rule: three copies, two media, one offsite. An untested backup is not a backup.
6. Principle of least privilege
- Run containers as non-root where possible.
- Give each service only the access it needs.
- Store secrets in environment variables or a secrets manager, never in your repo.
Quick audit
- SSH keys only, root login disabled
- Automatic updates enabled
- Firewall configured
- No unnecessary ports forwarded
- Backups running and tested
- Reverse proxy with TLS for anything exposed
Tick these boxes and your home server will be safer than the vast majority out there.
Artículos relacionados
Cómo instalar Pi-hole
Bloquea anuncios y rastreadores en toda tu red instalando Pi-hole en tu servidor doméstico paso a paso.
Guía de redes para servidores domésticos
Proxies inversos, DNS, VLAN y acceso remoto seguro: da a tus servicios nombres limpios y accesibles.
¿Qué es un servidor doméstico? Una introducción sencilla
Una explicación para principiantes de qué es un servidor doméstico, para qué sirve y cómo decidir si deberías montar uno.