As an initial step, the cloud host is up and running. It’s an Ubuntu Linux server with the following configuration steps:
- SSH with key only, SSH port moved from 22 to somewhere else. It is always impressive how fast the login attempts against your SSH service grow in number.
- Docker installed.
- Firewall using `nftables` configured and enabled. Since Docker still prefers `iptables`, it took some time to add the corresponding rules to my configuration.
- Wireguard VPN server configured as bastion host, so no forwarding of traffic from the cloud host towards the Internet. Any service provided by this cloud host will only be available inside the tunnel network.
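One way to check the last point from the host itself, as an added example that is not part of the original post: the script below reads `ss -tulnH` output and reports every listener bound outside loopback and the tunnel network, apart from the two ports meant to be public. The tunnel subnet `10.8.0.0/24`, SSH port `2222`, WireGuard port `51820` and the sample listing are assumptions made up for the example.

```python
import ipaddress

# Constructed sample of `ss -tulnH` output (not from the original post).
SAMPLE_SS = """\
udp   UNCONN 0      0            0.0.0.0:51820      0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:2222       0.0.0.0:*
tcp   LISTEN 0      128             [::]:2222          [::]:*
tcp   LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*
tcp   LISTEN 0      4096        10.8.0.1:8080       0.0.0.0:*
tcp   LISTEN 0      4096         0.0.0.0:8443       0.0.0.0:*
tcp   LISTEN 0      4096               *:9100             *:*
"""

# Assumed values: tunnel subnet, relocated SSH port, WireGuard listen port.
TUNNEL_NET = ipaddress.ip_network("10.8.0.0/24")
ALLOWED_PUBLIC = {("tcp", 2222), ("udp", 51820)}


def parse_local(field):
    """Split ss's 'Local Address:Port' column into (ip or None, port)."""
    addr, port = field.rsplit(":", 1)
    addr = addr.strip("[]").split("%", 1)[0]   # drop IPv6 brackets and %iface
    if addr == "*":                             # dual-stack wildcard
        return None, int(port)
    return ipaddress.ip_address(addr), int(port)


def exposed_listeners(ss_output, tunnel_net=TUNNEL_NET, allowed=ALLOWED_PUBLIC):
    """Return listeners bound outside loopback/tunnel that are not allowed."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5:
            continue
        proto = cols[0]
        ip, port = parse_local(cols[4])
        if ip is not None and (ip.is_loopback or ip in tunnel_net):
            continue                            # only reachable locally or via VPN
        if (proto, port) in allowed:
            continue                            # intentionally public
        findings.append((proto, "*" if ip is None else str(ip), port))
    return findings


if __name__ == "__main__":
    for proto, addr, port in exposed_listeners(SAMPLE_SS):
        print(f"bound outside tunnel: {proto} {addr}:{port}")
```

A finding here means the service depends on the firewall alone to stay private; binding it to the tunnel address removes that dependency. Docker publishes container ports on `0.0.0.0` unless an address is given in the `-p` option, so published containers are the usual source of findings.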