I use OpenVPN and not expose anything directly.
Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
Everything critical is on lan (docs, passwords, media), everything else is on vps (gameserver, fediverse, websites). I dont mix these as I absolutely dont want to deal with a breakin. I assume they will get in so I airgap them more or less.
PII or anything that would demonstrate clear attribution is LAN, the rest of the "fun" stuff lives on a VPS. Wireguard between them.
Only my Stremio add-ons, such as Knightcrawler, Annatar and Stremio-Jackett.
Jellyfin and Miniflux are internet facing because it would be turbo annoying otherwise to deal with them
I expose most things to the web so long as they have auth and 2FA options. The one exception being my Jellyfin server. I share it with friends and needed to make it as easily accessible as possible.
With Cloudflare WAF, reverse proxy, and an isolated subnet with IDP I feel comfortable with public services. Nothings perfect but if they get through it and pwn my lab I’ll just nuke it and rebuild.
I have HTTPS and SSH accessible on the internet but only over IPv6. Anything else I access over an SSH tunnel or VPN.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:
Fewer Letters | More Letters |
---|---|
DNS | Domain Name Service/System |
HA | Home Assistant automation software |
~ | High Availability |
HTTP | Hypertext Transfer Protocol, the Web |
HTTPS | HTTP over SSL |
IMAP | Internet Message Access Protocol for email |
IP | Internet Protocol |
NAS | Network-Attached Storage |
NAT | Network Address Translation |
Plex | Brand of media server package |
SMTP | Simple Mail Transfer Protocol |
SSH | Secure Shell for remote terminal access |
SSL | Secure Sockets Layer, for transparent encryption |
TLS | Transport Layer Security, supersedes SSL |
VPN | Virtual Private Network |
VPS | Virtual Private Server (opposed to shared hosting) |
nginx | Popular HTTP server |
[Thread #549 for this sub, first seen 26th Feb 2024, 21:45] [FAQ] [Full list] [Contact] [Source code]
As a general rule if it's a pubic-ish service like Lemmy (more a friends and family than public) or something where I want ready access like auto uploads it has public access, otherwise it's private. I make it a point to have everything facing outside to have 2FA enabled and/or limit the available sources to known IP ranges.
Just my Nextcloud and Matrix