chaplin2

joined 1 year ago
sorted by: new top controversial old
How to confirm home server security in c/main@selfhosted.forum
[–] chaplin2@alien.top 1 points 11 months ago

Frankly these are useless. SSH is secure by default and will never support algorithms that could be possibly broken. Same for TLS 1.3

A mailserver incident post-mortem in c/main@selfhosted.forum
[–] chaplin2@alien.top 1 points 11 months ago

Docker bypassing ufw is very bad

forwarding port 22 safe? in c/main@selfhosted.forum
[–] chaplin2@alien.top 3 points 11 months ago

If you disable password authentication, and use public key authentication, yes.

Question: Instead of Nextcloud, why not use a FTPS server with an nice client? in c/main@selfhosted.forum
[–] chaplin2@alien.top 1 points 11 months ago

The reason for downvotes is comparing apple and oranges, and also throwing FTP in the mix!

Let’s consider SFTP and nextcloud. SFTP is a secure respected protocol for file transfer. If you use key authentication and disable the password authentication, it approaches to be bulletproof security wise. SSH has rarely had a vulnerability that would allow attackers in. It’s even have post quantum cryptography. It’s rather easy to set up. But it doesn’t do more than file transfer. It also doesn’t have a lot of GUI apps.

Nextcloud is like Dropbox. You can find A LOT of things in it (though frankly the quality of most of them may be low). File transfer is just one of the things that it does. It uses https, why? Because the web technologies and developers have focused on this versatile protocol in the past decades. You access internet through port 443 not 22!

If I want to backup data or transfer files, I use SFTP. Over the internet, I trust SFTP not nextcloud. For other things, I use other tools such as Synchting, nextcloud etc. Synchting allows syncing over SSH.

1
VM redundancy (alien.top)
 

I had proxmox with unattended updates in VMs, but VMs sometimes hangstop booting, encounter DNS issues, etc. That’s not something that I can rely on!

I want to run a vm and make sure the service in it is always available. The users should always have access to the service through Cloudflare tunnels. The bare metal installation works for a long time, but not VM installation. I can tolerate a 30 minutes fix once year, but it won’t work telling users sorry there is a problem this week with my server!!!

How to set up this VM?

So far, the solutions that I found are, set up automatic ZFS snapshots every 15 minutes, and set up another proxmox server with proxmox backup server, ready to boot from backup.

Help me to choose CPU for home server for openvpn in c/main@selfhosted.forum
[–] chaplin2@alien.top 1 points 11 months ago

Wireguard is what you want!

3
Secure authentication in front of a web server open to internet (alien.top)
 

I would like to open an instance of a web server such as nextcloud, synology, etc to the internet. VPN is not possible since recipients are not a prior known. Reverse proxy seems like a good option.

Cloudflare tunnels provide a layer of authentication in front of the web server. But I don’t want Cloudflare having access to my traffic and don’t know a way to add a layer of encryption to keep Cloudflare out of traffic.

I know authelia, but haven’t worked with it.

What are the options?

Caddy seems to good to be true? I just set it up and it works perfect, straight out of the box in c/main@selfhosted.forum
[–] chaplin2@alien.top 1 points 1 year ago (2 children)

How do you compare Caddy with nginx proxy manager?

How to download and catalogue all emails from and to someone? in c/main@selfhosted.forum
[–] chaplin2@alien.top 1 points 1 year ago

Yes. For example, I want to share all emails on a particular person.

The emails can be easily browsed, searched, etc. I don’t want to share my entire inbox.

2
How to download and catalogue all emails from and to someone? (alien.top)
 

On Linux , is there a software to filter, download and catalogue all emails from and to someone?

It would be something like an inbox in Thunderbird, with only one email address. The search brings To or From, also doesn’t store them in a separate folder.

Looking for a Personal Research Management Tool in c/main@selfhosted.forum
[–] chaplin2@alien.top 1 points 1 year ago

Is paperless-ngx useful for this too?

Worst case scenario after an attack in c/main@selfhosted.forum
[–] chaplin2@alien.top 1 points 1 year ago (1 children)

I’m referring to ZERO DAYs. OpenSSH is a serious security product. Those web apps are written by random people and probably riddled with vulnerabilities not known to public.

Here is the rule. Only a trusted vpn and ssh key authentication can be public.

Worst case scenario after an attack in c/main@selfhosted.forum
[–] chaplin2@alien.top 1 points 1 year ago (3 children)

You are doing it wrong: SSH with key authentication is the most secure piece, and could even be public. Immich and Jellyfin surely have zero days and should be behind VPN

Jellyfin help? in c/main@selfhosted.forum
[–] chaplin2@alien.top 1 points 1 year ago

Off topic.

Jellyfin apps seem to me less user friendly than plex.

Plex iOS app moves back and forth in the video pretty fast. Why are there pictures of cups and tea etc instead of clear 10s back and forth? Common!

Create a virtual network (VPN?) between my home server and my VPS (Without routing any of my internet through the VPN) in c/main@selfhosted.forum
[–] chaplin2@alien.top 1 points 1 year ago

If you are not familiar with VPNs set up, then use Tailscale. If it can make direct connections, you are done.

Otherwise, run a Wireguard server on VPs

1
Can't run a Plex docker-compose file correctly (alien.top)
 

I don't seem to be able to run the linuxserver Plex docker container correctly. The docker compose file is simple and copied below. The user PUID and group PGID are obtained from /etc/passwd entries or "id -u". The user with PUID and PGID has full permission to /myconfig and /mymovies in the host. I tried various different users, some with admin privileges.

The container runs, but in the PLEX account I don't see any option to find local media. There is a bunch of annoying TV and movie and streaming advertisements/promotions.

What am I doing wrong?

version: "2.1"
services:
  plex:
    image: lscr.io/linuxserver/plex:latest
    container_name: plex
    network_mode: host
    environment:
      - PUID=  1026
      - PGID= 100 
      - VERSION=docker
     volumes:
      - /myconfig:/config
      - /mymovies:/movies
    restart: unless-stopped

view more: next ›