Liste de contrôle sécurité serveur domestique
Une checklist pratique pour sécuriser votre serveur : SSH, pare-feu, mises à jour, sauvegardes et accès distant sécurisé.
Security doesn't have to be complicated. Work through this checklist and you'll avoid the mistakes that get home servers compromised.
1. Lock down SSH
- Disable password login and use SSH keys only.
- Change the default port to reduce automated noise.
- Consider fail2ban to block brute-force attempts.
# /etc/ssh/sshd_config
PasswordAuthentication no
PermitRootLogin no2. Keep everything updated
Unpatched software is the number-one risk. Enable automatic security updates and update your Docker images regularly.
sudo apt install unattended-upgrades
sudo dpkg-reconfigure --priority=low unattended-upgrades3. Use a firewall
Allow only the ports you actually need. On Ubuntu, ufw makes this simple:
sudo ufw default deny incoming
sudo ufw allow ssh
sudo ufw enable4. Don't port-forward carelessly
Exposing services directly to the internet is the most common way home servers get hacked. Prefer a VPN like WireGuard or Tailscale. If you must expose something, put it behind a reverse proxy with HTTPS and authentication.
5. Back up — and test restores
Security includes recovering from ransomware or mistakes. Follow the 3-2-1 rule: three copies, two media, one offsite. An untested backup is not a backup.
6. Principle of least privilege
- Run containers as non-root where possible.
- Give each service only the access it needs.
- Store secrets in environment variables or a secrets manager, never in your repo.
Quick audit
- SSH keys only, root login disabled
- Automatic updates enabled
- Firewall configured
- No unnecessary ports forwarded
- Backups running and tested
- Reverse proxy with TLS for anything exposed
Tick these boxes and your home server will be safer than the vast majority out there.
Articles connexes
Installer Fail2ban sur Ubuntu
Bloquez automatiquement les tentatives de force brute SSH.
Accès distant sécurisé à votre serveur domestique
Comparez VPN, reverse proxy et Tailscale sans exposer de ports non sécurisés.
Qu'est-ce qu'un serveur domestique ? Introduction simple
Une explication pour débutants : ce qu'est un serveur domestique, ce que vous pouvez en faire et comment décider si vous devez en construire un.