My home setup uses port forwarding and it is much safer than DMZ, that exposes your entire device. I forwarded port 443 to a higher port on my RPi so I can serve TLS traffic using an unprivileged port, without the need of a root user, this alone is a great security improvement.
Setting this up was done on my router, and was really easy, the advantage over DMZ is that I stay behind my router's firewall and DoS protection system and other protections.
I had dynamic IP from my ISP so I had to use a DDNS service, I chose ddclient[1], which is a very simple and ease to setup daemon. And it really works, never had DNS issues.
Now I acquired a static IP plan from my ISP, so I could ditch DDNS, the result is a simpler setup. It is being a pleasure to self-host. If my setup has any security holes please let me know. :-)
All in all the hardest part was buying the plan on my ISP, their customer service sucks.
PS.: In Brazil it is illegal for ISPs to block users from doing home servers or block some ports, but all major ISPs do it, so buying a static IP plan as a company was the easy solution. Plans for companies normally come with all ports unlocked and NAT disabled.
Tried to buy a static IP address from my ISP, responded that it's only offered to users of their "business" plans. The business plans: same up/down as I'm receiving now, but for more $$$. -_-
Setting this up was done on my router, and was really easy, the advantage over DMZ is that I stay behind my router's firewall and DoS protection system and other protections.
I had dynamic IP from my ISP so I had to use a DDNS service, I chose ddclient[1], which is a very simple and ease to setup daemon. And it really works, never had DNS issues.
Now I acquired a static IP plan from my ISP, so I could ditch DDNS, the result is a simpler setup. It is being a pleasure to self-host. If my setup has any security holes please let me know. :-)
All in all the hardest part was buying the plan on my ISP, their customer service sucks.
PS.: In Brazil it is illegal for ISPs to block users from doing home servers or block some ports, but all major ISPs do it, so buying a static IP plan as a company was the easy solution. Plans for companies normally come with all ports unlocked and NAT disabled.
---
[1] https://ddclient.net/
Edit: Fix typos.