I keep my pi-hole behind a firewall, but I’m considering a change that would require opening the web interface to the internet, at least temporarily.
My concern is that my pihole has several users’ private info on it. I’m not crazy about having port 80 open, but maybe I’m being paranoid.
I have read up on lighttpd and it seems secure, but would I know if someone was gradually brute-forcing or otherwise attacking the web interface? I’m mostly concerned about privacy. But there is also the concern of my pihole getting used in a DDoS somehow, if the settings were adjusted after bypassing the web interface security.
How do other users deal with this? Does everyone stick to VPN? Or am I being paranoid?
I know that I need to install a certificate to avoid passing the password in clear text.
Any other pointers to keep my pi-hole safe are appreciated.