I have a Minecraft server at home. And as soon as you can reach it from the outside (so far only via VPN) I wanted to make the server a bit more secure. So does anyone have any tips on how to make this server more secure?
Server runs on a Raspberry Pi (Linux)
Secure password
Firewalls
only open / forward the ports that minecraft really needs. Under no circumstances open an SSH port 22 to the outside.
Fail2ban would be good
Always import updates for the system promptly.
It is best to lock the system in a guest LAN in the router or at least restrict the system's access to other network resources.
That's what comes to mind spontaneously.
Overall, however, you should think about whether this really makes sense. Do you want many to come to your server? The Raspberry Pi is too weak for that.
You can do a lot here, a good start is e.g. https://github.com/...nux-Server
In principle, only open the most necessary ports to the outside. Only certain users and client IPs are allowed to connect via SSH (and not from the Internet). Do not use a standard SSH port. Change passwords regularly (see pwquality in the Github post). Use Lynis auditing to assess how secure your system is. In addition, the infrastructure around it is also interesting, ideally the Internet → Firewall → DMZ → Loadbalancer → Your server
