Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
view the rest of the comments
I use a reverse proxy so I can just use a hostname and not need a port. I run Jellyfin that way no problem, function-wise.
Additionally, not having a domain won’t necessarily protect you since you do have people out there scanning for ports and when they see 8096, they’re going to immediately know it’s a Jellyfin/Emby server and any vulnerabilities associated with those. If you use a reverse proxy, they only see 443 which is…pretty much every other site on the internet. That’s security through obscurity, I know, but it will help mitigate some of the easier attacks.
I’ll say that everything I have to have a port open for (mostly game servers) gets targeted by the internet at large despite the fact that I’ve published the address and port absolutely nowhere online and only shared it with close friends. I almost never get anyone trying to log in to my other services.
Okay, so can people just find that shit on google? And also what are the odds of certain companies and agencies being perturbed by me essentially broadcasting copyrighted content? Even if i own it. I shpuldnt expect FBI or worse, Viacom hitmen right? Especially of the content is behond a log in?
Not even Google, they just go through every ip and port number and record if something responds
Not only are people doing regular scans, there are companies with dedicated infrastructure to do the scans for them, and making result easily searchable.
Check out https://www.shodan.io . Put your (or any other) IP address in the search bar and I guarantee the most of the services running there are already scraped, indexed and categorized. Sometimes it will even recognize a specific app or framework it's build upon.
Not only you can search for a specific IPs, but can easily look for, let's say all jellyfin instances in a certain country.
I used to search for open tvheadend instances to watch certain TV channels for free. There was a guy who not only published his tvheadend on the internet, but there was an active VNC server on his mediacenter, running kodi. Controllable by anyone without a password.
I wouldn't say this is security through obscurity, as you don't hide how asystem works, but what it is in general. On the forefront, IT security is a game about information retrieval, and you're making it easier than necessary for attackers if you give away details about what services you run for free. ;)