„Inspired“ from https://lemmy.world/post/287146 and many related questions (also on reddit before).

Why don‘t people like opening Port 443 on their Homerouter? An open Port itself is not a vulnerability because nothing is listening on it, therefore there cannot be any connection established. When forwarding Port 443 From Router to e.g. The Homeservers LoadBalancer / Proxy, this Proxy is the final resolver anyways.

So why doing the more complex and more error prone Route via the VPS / Tailscale / CloudFlare?

I did that some years ago too, but just because i did not have an static IPv4 at home. But speeds were awful and i switched to Routerport + DynDNS and now everything is super performant.

    • jalim@jalim.xyz
      link
      fedilink
      English
      arrow-up
      2
      ·
      2 years ago

      This doesn’t really apply if you’re port forwarding to a specific device. In that case you know that you have told your firewall to forward port 80 & 443 (for example) to your web server and you know what ports that has open. I would not be using UPNP on the other hand as that seems dangerous especially in the IOT era.

    • Edo78@feddit.it
      link
      fedilink
      English
      arrow-up
      1
      ·
      2 years ago

      and, even if you scan them, how do you know that a port knocker isn’t there waiting to the secret knock?

    • nif@feddit.de
      link
      fedilink
      English
      arrow-up
      1
      ·
      2 years ago

      Opening a port on consumer routers does not mean that all devices are open. Normally you forward a port to a host+port in the local network. In most cases some server which you control. All other devices are not affected by opening a port.