Security: VPN or Reverse Proxy

I recently got my reverse proxy, NPM, working with Nextcloud.

I had some original issues with SSL and docker networks.

How do you users secure your connection when self-hosting? If I keep the port open on the reverse proxy, is the login page safe enough? I’m wanting to de-Google for myself and my wife.

I’m not opposed to VPN only but also curious about opening up other services to close friends.

I have Nextcloud and my own small site I use for something with a reverse proxy. Everything else (Paperless, Firefly III, etc.) is only in the home network.

I’m using a VPN and a proxy.

I just use the WireGuard and HAProxy plugins on my OPNsense. It is what makes sense to me for the time being.

Add CrowdSec or Fail2Ban as another layer of security along with the other stuff recommended and on top of what you’re already doing.

There is no foolproof way to self-host and have stuff remotely accessible. The old idiom of outrunning a bear fits well here. You don’t need to run faster than the bear, you just need to run faster than other people. Added layers of security just increase the effort it takes for your data to be stolen. People will naturally want to go for the easier targets first.

Also, there is the effort-to-reward ratio. The fact that you are self-hosting to begin with makes you low value. If they need to put in the effort, they would rather go after a network that has multiple users’ data because the return is much higher.

I personally use Traefik as my reverse proxy due to the ease with which CrowdSec can integrate, especially with everything being dockerized on my network. I should, but don’t virtualize first, so I think CrowdSec is the best option for me. I just don’t have the hardware overhead for virtualization. Plus, I’m planning on jumping into k3s or k8s.

If you virtualize and then run Docker containers, Fail2Ban will likely be the better option for you.

I appreciate the input. If sharing links with friends, it would need to be more public.

Side question to all: is there a VPN/DNS setup that could support dynamic links for friends, so that you wouldn’t have to give them any real VPN credentials? They would only have visibility to the linked file for x amount of time through your VPN?

I’ve tried other providers, but Smartproxy has been the best so far. Their proxies are fast, and their pricing is great.

Based on my experience, SmartProxy is a great choice for a proxy provider.

Cloudflare tunnels with approved IP addresses. I think with the paid version you can set time limits on static links. But the time limit thing can be handled in Nextcloud for the shared access.