lal309

[–] lal309 2 points 1 year ago

Didn’t know you could do this. Interesting!

[–] lal309 4 points 1 year ago (2 children)

I went with the OpenSSL CA as cryptography has been a weakness of mine and I needed to tackle it. Glad I did, learned a lot throughout the process.

Importing certs is a bit of a pain at first but I just made my public root ca cert valid for 3 years (maybe 5 I can’t remember) and put that public cert in a file share accessible to all my home devices. From each device I go to the file share once, import the public root ca cert and done. It’s a one time per device pain so it’s manageable in my opinion.

Each service gets a 90 day cert signed by root ca and imported to nginx proxy manager to serve up for the service (wikijs.mydomain.io).

Anything externally exposed I use Let’s Encrypt for cert generation (within NPM) and internally I use the OpenSSL setup.

If you document your process and you’ve done it a few times, it gets quicker and easier.
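
The workflow described in the comment above (a multi-year root certificate imported once per device, plus 90-day service certificates for names like wikijs.mydomain.io), sketched as an added example. It is not the commenter's own script; the file names, CA subject, key sizes and extension choices are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not the commenter's script. File names, CA subject and key sizes are assumptions.
set -eu
umask 077                   # private keys must never be readable by other users

make_root_ca() {            # $1 = working directory; root is valid 1095 days (3 years)
  local dir=$1
  mkdir -p "$dir"
  cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Home Lab Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  # Only root-ca.crt is copied to the file share; root-ca.key stays on the CA host.
  openssl req -x509 -newkey rsa:4096 -nodes -sha256 -days 1095 -config "$dir/ca.cnf" \
    -keyout "$dir/root-ca.key" -out "$dir/root-ca.crt" 2>/dev/null
}

issue_service_cert() {      # $1 = working directory, $2 = service FQDN
  local dir=$1 fqdn=$2
  openssl req -new -newkey rsa:2048 -nodes -config "$dir/ca.cnf" -subj "/CN=$fqdn" \
    -keyout "$dir/$fqdn.key" -out "$dir/$fqdn.csr" 2>/dev/null
  # Browsers match the subjectAltName, not the CN, so the SAN is mandatory.
  printf '%s\n' 'basicConstraints=critical,CA:FALSE' \
    'keyUsage=critical,digitalSignature,keyEncipherment' \
    'extendedKeyUsage=serverAuth' "subjectAltName=DNS:$fqdn" > "$dir/$fqdn.ext"
  openssl x509 -req -in "$dir/$fqdn.csr" -CA "$dir/root-ca.crt" -CAkey "$dir/root-ca.key" \
    -CAcreateserial -sha256 -days 90 -extfile "$dir/$fqdn.ext" -out "$dir/$fqdn.crt" 2>/dev/null
}

check_service_cert() {      # $1 = root cert, $2 = service cert, $3 = hostname
  openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}
expires_within() {          # $1 = cert, $2 = days; true when renewal is due
  ! openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

if [ "$#" -eq 2 ]; then     # usage: ./homelab-ca.sh ./ca wikijs.mydomain.io
  [ -f "$1/root-ca.key" ] || make_root_ca "$1"
  issue_service_cert "$1" "$2"
  check_service_cert "$1/root-ca.crt" "$1/$2.crt" "$2" && echo "issued $1/$2.crt"
fi
```

Running `expires_within` from a scheduled job with a threshold such as 14 days gives a renewal reminder before a 90-day certificate lapses.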

[–] lal309 4 points 1 year ago (1 children)

When I was looking for a DMS I ran across MayanEDMS. I never got a chance to stand up any DMS but it may be worth checking out their site in case it meets your needs.

Not exactly DMS but I have a WikiJS instance running with MFA enabled and access control. For example, my wife and I can access a set of documents we deem sensitive but other users can’t. I use WikiJS for all my documentation needs.

[–] lal309 2 points 1 year ago* (last edited 1 year ago)

I use rclone as well and was in your position not long ago (looking for a non complicated backup solution). Landed on rclone based on feedback and what I read online. Spent about an hour reading rclone’s documentation and built a script to do the backups daily.

OP if you go the rclone route, I can share my template script with you to get you started.

The script is pretty simple: makes sure there’s a logging file created on the system ahead of time, timestamps, the actual backup job, error checking, notification via discord (success or failure) and log output to the file created above.

Edit: I forgot to mention that recently (don’t know exactly when) Proxmox released something called Proxmox Backup Server (PBS). I have not used it but I imagine it integrates well with your Proxmox cluster but even then you may want to look at a complementary solution to back up that server too.

Edit: Even if you go with Proxmox Backup Server, you may want to think about how you back up the backup server. Preferably off site, in my opinion.

[–] lal309 4 points 1 year ago

As I started thinking about how to lay out this “emergency page” I started thinking “well in order for this page to be accessible, I have to assume that my servers are up and running for my family to even get to said page. If the servers are offline for any reason, this page would be useless.” So yea probably something physical or non “techy” is best for this.

[–] lal309 7 points 1 year ago (2 children)

Honestly, haven’t even thought about it. Better make this my weekend project.

Someone mentioned having a static page with instructions (home.example.com/emergency or something similar), not a bad idea at all. Actually this might be the route I take too. Thank you for talking about something I didn’t even know I needed!

[–] lal309 5 points 1 year ago

Try through the browser first as suggested by someone else. If you are running the Docker container, check your port mappings.

[–] lal309 2 points 1 year ago (1 children)

How does it obfuscate the point? A layered approach to security.

[–] lal309 2 points 1 year ago

I am running SMB although it’s not publicly available and setup with specific users having specific access to specific shares.

Good note on crowdsec

[–] lal309 2 points 1 year ago

This is pretty much what I have setup. I’m not logging to a separate server but I do have other things setup like fail2ban, changed default ports, secrets management, etc. Good resource tho

[–] lal309 3 points 1 year ago (1 children)

A request for proposal? If that’s what you mean then no. I’m asking for my home setup not for a business/enterprise. If I missed the mark then please elaborate.

[–] lal309 10 points 1 year ago (3 children)

I avoid McAfee like the plague!
