Aller au contenu
ArticlesSécuritéIntermédiaire

Liste de contrôle sécurité serveur domestique

Une checklist pratique pour sécuriser votre serveur : SSH, pare-feu, mises à jour, sauvegardes et accès distant sécurisé.

par HomeServersGuide Team1 min de lecture

Security doesn't have to be complicated. Work through this checklist and you'll avoid the mistakes that get home servers compromised.

1. Lock down SSH

  • Disable password login and use SSH keys only.
  • Change the default port to reduce automated noise.
  • Consider fail2ban to block brute-force attempts.
# /etc/ssh/sshd_config
PasswordAuthentication no
PermitRootLogin no

2. Keep everything updated

Unpatched software is the number-one risk. Enable automatic security updates and update your Docker images regularly.

sudo apt install unattended-upgrades
sudo dpkg-reconfigure --priority=low unattended-upgrades

3. Use a firewall

Allow only the ports you actually need. On Ubuntu, ufw makes this simple:

sudo ufw default deny incoming
sudo ufw allow ssh
sudo ufw enable

4. Don't port-forward carelessly

Exposing services directly to the internet is the most common way home servers get hacked. Prefer a VPN like WireGuard or Tailscale. If you must expose something, put it behind a reverse proxy with HTTPS and authentication.

5. Back up — and test restores

Security includes recovering from ransomware or mistakes. Follow the 3-2-1 rule: three copies, two media, one offsite. An untested backup is not a backup.

6. Principle of least privilege

  • Run containers as non-root where possible.
  • Give each service only the access it needs.
  • Store secrets in environment variables or a secrets manager, never in your repo.

Quick audit

  • SSH keys only, root login disabled
  • Automatic updates enabled
  • Firewall configured
  • No unnecessary ports forwarded
  • Backups running and tested
  • Reverse proxy with TLS for anything exposed

Tick these boxes and your home server will be safer than the vast majority out there.

Articles connexes

TutorielsSécuritéDébutant

Installer Fail2ban sur Ubuntu

Bloquez automatiquement les tentatives de force brute SSH.

1 min de lecture
GuidesRéseauIntermédiaire

Accès distant sécurisé à votre serveur domestique

Comparez VPN, reverse proxy et Tailscale sans exposer de ports non sécurisés.

1 min de lecture
ArticlesPremiers pasDébutant

Qu'est-ce qu'un serveur domestique ? Introduction simple

Une explication pour débutants : ce qu'est un serveur domestique, ce que vous pouvez en faire et comment décider si vous devez en construire un.

2 min de lecture