Selfhosted

selfhosted@lemmy.world

(Group)

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.

Rules:

Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.
Questions? DM the mods!

lemmy

Kkk2237pl via Selfhosted

today, 12:45 PM

Kkk2237pl
today, 12:45 PM

The first publicly open instance

I want to start with self hosting something available from internet. Currently I have jellyfin, nas etc but everything is available in local network.

My biggest concern is securing local network. I thought i will run application on separate server, I will use small vps as proxy, but Im not sure if it will be enough

#selfhosted

in reply to Kkk2237pl

Björn

in reply to Kkk2237pl today, 12:58 PM

To mitigate the risks you could put the local server into its own network where it cannot reach anything else in your home.

in reply to Kkk2237pl

abeorch

in reply to Kkk2237pl today, 1:17 PM

What are you using for a router? A good uptodate version of something like ooenwrt, a separate subnet running on a different vnet and firewall zone.

Why the vps?

Selfhosted reshared this.

in reply to abeorch

Kkk2237pl

in reply to abeorch today, 1:26 PM

Deco

in reply to Kkk2237pl

abeorch

in reply to Kkk2237pl today, 1:37 PM

Im no expert so you know take everything with a grain of salt but for me i flash all my routers with #openwrt including #tplink stuff... Butnthat gives me everything i need.

You probably do.everything with stock firmware though

#openwrt #tplink

Selfhosted reshared this.

in reply to Kkk2237pl

kythrea

in reply to Kkk2237pl today, 2:01 PM

I run my server on the internet, and my security is crowdsec + geo ip block (well, white-list my country's ip but same idea) and authelia.

Using this setup, I barely ever have even bots randomly pingig me, let alone anyone trying to access my NAS.

in reply to Kkk2237pl

androidul

in reply to Kkk2237pl today, 2:08 PM

I was pondering the same for last couple of days and had some thoughts on how to make it feasible. My research led me so far to 2 prerequisites:

must have Anubis in front
must have a WAF solution in place that covers at least OWASP Top 10

I found pretty good Caddy documentation that covers both, so I think I’ll deploy a secondary Caddy reverse proxy that’ll perform such ops for public facing services.

Of course, I currently have only 1 Caddy instance reverse proxy ing my internal services, haven’t reached the part on traffic handling when my devices are connected to the “safe network” (aka my home LAN)

in reply to Kkk2237pl

abeorch

in reply to Kkk2237pl today, 2:45 PM

Can I suggest that you start with something simple where as much as possible is templated - im like a broken record on this but i use #yunohost simply because heaps of people are using the same config.

#yunohost

Selfhosted reshared this.

in reply to Kkk2237pl

0ops

in reply to Kkk2237pl today, 3:18 PM

The absolute easiest way to securely access your server from over the internet would be to use tailscale or similar, but then you'd have to connect to the vpn service whenever you wanted to access those servers from outside your local network.

in reply to Kkk2237pl

ui_hater

in reply to Kkk2237pl today, 3:19 PM

Get you a vps and start! Or if you don't want to pay extra money host a tor service. You don't have to open ports for that.

in reply to Kkk2237pl

irmadlad

in reply to Kkk2237pl today, 6:29 PM

Have you considered Cloudflare Tunnels/Zero Trust. When you use Cloudflare Tunnels/Zero Trust, you don't need to fiddle with NAT, open any ports, in fact you don't need any open ports. You just install Cloudflare Tunnels/Zero Trust on your server, connect to your Cloudflare Tunnels/Zero Trust account, and Cloudflare does the rest. To deploy Cloudflare Tunnels/Zero Trust you will need a domain name. Cloudflare will sell you a domain name but I think most get something cheap from NamesCheap or Pork Bun. When you have secured a domain name, switch the nameservers to the ones that Cloudflare assigns you. Jacks a doughnut, Bob's your uncle.

ETA: Obviously you'll need port 22 for administration.

sudo ufw default deny incoming

sudo ufw default allow outgoing

This entry was edited (today, 6:31 PM)

in reply to irmadlad

Kkk2237pl

in reply to irmadlad today, 6:43 PM

Yeah, but if my server is in the local network, I have potential threat that someone will access my lan through public server

⇧

Kkk2237pl via Selfhosted

Kkk2237pl today, 12:45 PM • •

Kkk2237pl
today, 12:45 PM