So I've spent a small fortune recently on Unifi kit. In doing so it's enabled me to set up DDNS within my USG Pro, connecting via my Namecheap domain. Very quickly, I set it up, opened port 80 and forwarded it to my Pi4 webserver, saw the contents via home.mydomain.com just as I would have navigating to it locally via 192.168.0.1 (webserver address), then closed the ports. Can someone point me in the right direction when it comes to securing the access somehow? I really don't know where to start or what to look into. Once set up, it would be good to somehow access everything on the network: home server (TrueNAS), PiHole (Pi4), webserver (Pi4), Unifi goodies. Thanks
Does anything apart from the webserver need to be accessible from the internet by third parties? If no - enable HTTPS (use Let's Encrypt certs) on your webserver and set up a VPN (no idea if the USG supports anything, but you can always set up OpenVPN on the RPi or TrueNAS) for accessing local network resources. If you need several web services to be accessible from outside then you'll need to set up a reverse proxy (in that case the reverse proxy will be responsible for HTTPS/encryption) on one of your devices (might be possible on the USG, definitely on the RPi or TrueNAS).
Create a client VPN on the USG then VPN in to access things you need internally. You don't need to open any ports unless you want the public to access things.
Thank you for the replies. I'd maybe like the server and the webserver to be accessed. I had thought VPN, but having never used one I'm not sure where to start. How does a VPN work with a changing IP address? Can I use it in conjunction with DDNS and a URL off my domain? Thanks
You can use the DDNS to access the VPN with a dynamic IP. VPN is definitely the safest way. PiHole admin can be done via an app without opening ports, same for Unifi admin. That just leaves whatever is on the webserver and the other server. Work out what you need on them and we can work out the best access strategy.
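
How the DDNS name and the VPN fit together, as an added example that is not from any of the posters in this thread: an OpenVPN client profile that dials the DDNS hostname instead of an IP address. It assumes the OpenVPN server runs on the Pi or TrueNAS box with UDP 1194 (the OpenVPN default) forwarded to it; the certificate and key file names and the server certificate name are placeholders.

```conf
# client.ovpn - constructed example profile, all file names are placeholders
client
dev tun
proto udp
nobind

# Dial the DDNS name from the thread, never a fixed IP. The router keeps
# this record pointed at the current WAN address.
remote home.mydomain.com 1194

# Keep retrying the DNS lookup instead of giving up, e.g. while the
# DDNS record is still being updated after an address change.
resolv-retry infinite

# Detect a dead tunnel (the home IP changed mid-session) and restart.
# On restart the hostname is resolved again, picking up the new address.
# Do NOT add persist-remote-ip, which would pin the stale address.
ping 10
ping-restart 60
persist-key
persist-tun

# Authenticate the server so a hijacked or stale DNS record cannot
# redirect the client to someone else's endpoint.
remote-cert-tls server
verify-x509-name home-vpn-server name   # placeholder server certificate CN
tls-version-min 1.2

# Per-client credentials issued by your own CA (placeholder file names).
ca ca.crt
cert client1.crt
key client1.key

# Shared key that encrypts and authenticates the control channel, so the
# forwarded port does not answer unauthenticated probes.
tls-crypt ta.key

verb 3
```

With this in place the only port exposed to the internet is the single VPN port; the webserver, TrueNAS, PiHole and Unifi admin pages are reached over the tunnel using their local addresses.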