Hi guys. Just want to sanity check what I am doing with Unifi controller for security and backups. I have the controller installed on a Vultr cloud managing 3 sites with switches and APs. I followed Chris’s guide here which was fantastic. Been operating for a little over a year now flaw-free.
- CloudFlare DNS A-Record points to the cloud server IP
- UFW firewall enabled and only the specified ports are open.
- Root user disabled, my SSH user has a strong password and SSH keys
- Ubuntu update/upgrade done regulararly
- Vultr control panel secured with MFA & strong PW
- Vultr automatic backup weekly
- Unifi controller on latest release
- Unifi devices all regularly updated
- Unifi controller auto-backup is on weekly
- Unifi controller settings backup taken before/after changes
Anything I’m missing here? I would prefer to route my sites to the Vultr cloud with Wireguard. This would be fine for two sites with a pfSense firewall, but the third just has a consumer Acer router.