First of all, Happy Holidays, I hope you are all well!
I'm about to install an Ubuntu home server in my house to host some game servers and an Apache server.
My ISP will provide static address for me, so I do not need to worry about DDNS configuration.
The problem is that I'm really concerned about the security. I will change some of the usual stuff like SSH ports, will also install fail2ban, and make sure that I only open ports I really need to public.
But I can't figure out what would be the best way to position the server and change my home network configuration. I really want to do my best to keep everyone in the LAN safe, (I already know that this is really hard given the fact that I use cheap TP-link router). I really think that the server can handle WAN stuff better, so I was thinking about WAN > Server > Router. The server already has 2 network cards, so I can forward the traffic to the other one and attach my home router there. However, I'm willing to sacrifice WAN stability to achieve better security and put the server behind my router - WAN > Router > Server.
Thinking about both options, aren't they the same? In both ways all LAN clients in my home network will be behind the router that has some firewall stuff built in.
I will greatly appreciate your opinions and ideas on this.
Thank you very much!