this post was submitted on 15 Jun 2023
14 points (100.0% liked)

Selfhosted

39235 readers
395 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
ruud
Loki
CannaVet
devve
HybridSarcasm
[email protected]
14
Security concerns with locally self hosting publicly accessible app? (lemmygrad.ml)
submitted 1 year ago by [email protected] to c/selfhosted
15 comments fedilink hide all child comments
 

Would I be compromising on the security of my local network and all the devices on it?

I have a ton of local-only self hosted services, some may have personal data that I would not be compromised of affected.

Now of course, I can work on securing those local services from each other, but still, the idea of opening up a port to the public seems incredibly insecure to me. Is there a way to host services publicly from a local network without compromising on security?

I know I could host on a cloud provider or VPS, but for certain things I'd prefer to keep it local (especially for things that may violate VPS providers' terms of service, like media apps)

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 4 points 1 year ago (1 children)

If something doesn't absolutely have to be public, then hosting a VPN or using tailscale (or if you prefer something self-hosted, nebula) can be good too.

If you DO want the application(s) to be public, then something I tried in the past that worked well:

I set up on a super cheap VPS and then set up a tunnel (using nebula) to a VM in my homelab. I made sure to configure nebula networking so as to only allow the VM and VPS.

Both the VPS and the VM were set up to allow only SSH using an ssh key. I threw on fail2ban for the VPS for good measure. It's scary seeing just how many bots attempt to log in the logs.

On the VPS, I installed nginx proxy manager and configured URLs on the nginx proxy manager to redirect each to different ports on the VM where apps (like nextcloud, an xmpp server etc) were running in docker.

Doing things that way you're only using the VPS as a HTTP/TCP proxy to the server in your home, not actually using VPS storage/processing power beyond the bare minimum for running nginx.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (1 children)

This is exactly what I do using tailscale and oracle free

[–] [email protected] 1 points 1 year ago (1 children)

Free is good!

I usually go with Digital Ocean. Are you using Oracle Cloud free?

[–] [email protected] 2 points 1 year ago

Ya that's what I meant. I have lemmy running on the 4 core 24 gb ram free box