At the very least you need to make sure to run a firewall that allows you to put the server in its own zone/DMZ so if the server is compromised, they won't be able to pivot into your home network. Create the firewall rules so your clients inside your "home" zone can access the DMZ but not vice versa. Then only expose the DMZ to the internet on ports that are absolutely necessary for accessing the content, and consider geoblocking IP space that you'll never be coming from.
The easiest recommendation for this is to run some manner of pfSense/OPNsense on commodity hardware. I haven't really touched consumer-level gear in a while so I'm not sure what the capabilities are these days. OpenWrt firmware would be your best bet on any of that kind of stuff.
Basically you want to treat your hosting environment as hostile as you treat the internet.
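The zone policy described in the comment above, written as an nftables ruleset. This is an added example, not part of the original comment; the interface names, the server address, the published port (tcp/443), the allowed source ranges and the DMZ's outbound internet access are all assumptions.

```nft
# Dedicated firewall box assumed: "flush ruleset" clears any existing rules.
# Assumed interfaces: wan0 = internet, lan0 = home zone, dmz0 = server zone.
# Assumed server: 192.168.50.10 in the DMZ, publishing HTTPS on tcp/443.
flush ruleset
define WAN = "wan0"
define LAN = "lan0"
define DMZ = "dmz0"
define SERVER = 192.168.50.10

table inet zones {
    # Geoblocking as an allow-list: only these source ranges reach the
    # published port. Constructed values (documentation ranges).
    set allowed_src {
        type ipv4_addr
        flags interval
        elements = { 198.51.100.0/24, 203.0.113.0/24 }
    }
    chain input {
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        iifname "lo" accept
        iifname $LAN accept                       # manage the firewall from home only
        iifname $DMZ udp dport { 53, 67 } accept  # DNS/DHCP, if the firewall serves them
    }
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept       # replies to home-initiated sessions
        ct state invalid drop
        iifname $LAN accept                       # home -> DMZ and home -> internet
        iifname $DMZ oifname $WAN accept          # assumed: server may fetch updates
        iifname $WAN oifname $DMZ ip saddr @allowed_src ip daddr $SERVER tcp dport 443 accept
        iifname $DMZ oifname $LAN log prefix "dmz-to-lan " counter drop
    }
}

table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat;
        iifname $WAN tcp dport 443 dnat to $SERVER
    }
    chain postrouting {
        type nat hook postrouting priority srcnat;
        oifname $WAN masquerade
    }
}
```

Validate the file with `nft -c -f <file>` before loading it. The logged `dmz-to-lan` drops double as a detection signal: a server that starts initiating connections toward the home zone is worth investigating.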