I see a lot of people here uses some form of remote access tool (VPN/Tailscale) to access their home network when not at home. I can’t really do this because my phone (iOS) can only activate one VPN profile at a time, and I often need this for other stuff.
So I chose to expose most web based services on the public internet, behind Authelia. But I don’t know how safe this is.
What I’m really unsure are things like Vaultwarden: while the web interface is protected by Authelia (even use 2FA), its API address needs to be bypassed for direct access, otherwise the mobile APP won’t work. It feels like this is negative everything I’ve done so far.
I’m a network engineer and >15 years of experience in IT. It’s never “safe”. Not even in corporate IT. You’re a home user and it’s less likely you’ll be targeted but bad actors do comb the internet for known vulnerabilities. Patch your shit, limit exposure, enable MFA on everything. I don’t run it, but I feel slightly sketched out not behind something like a Palo Alto. But again I’m just a small potato in a big sea and I patch everything.
There will always be risk. Just do what feels right for you. Follow beat practices.