He he didnt but thats what he meant
I mean 99% of users use reverse proxy for https public access
Also read the threat replies …
That’s what this thread is about
…
No?
ippocratis
- 3 Posts
- 19 Comments
Joined 2 years ago
Cake day: August 2nd, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
Yes that’s exactly what they do
The funnel exposes your local services to the public over https . Like what you want to accomplish with reverse proxy . Its just more straightforward for a beginner.
Personally I closed my router ports and switched to tailscalr funnels after using caddy with mutual TLS for years.
While using a web server before your self hosted micro services is the obvious answer and caddy the easier to configure, as a beginner you should also consider taiscale funnels. You dont need to mess with router stuff like port forward or caring if you ISP have your router behind a cgnat which is kinda norm nowadays , also dont have to care for a domain name dynamic DNS stuff . You could have a look to my quick how to . All you need is running a script , the ports and desired names of your subdomains and your tailscale auth key. https://ippocratis.github.io/tailscale/
Brave sync server is open source and self host able.
Everything a browser syncs is syncable passwords, history, bookmarks, cards etc
The “issue” is there is not a user interface element to easily add the self hosted instance url
There are workarounds though
You can read my quick how to here
6·1 month agoHeadscale does not support funnels unfortunately
Tailscale is not completely foss.
3·10 months agoOwntracks , overland or traccar apps to track device coords when it moves
Then Owntracks offer a very basic webui to show your track or pins within a specific time period on a map
Dawarich has some extra features and can handle google takeout and both Owntracks and overland json’s
https://github.com/Freika/dawarich
Traccar has many features too
All apps require a server
I am also starting a web app that fit my needs
It offers search , route grouping , and a date picker .
I’m struggling to implement new features like poi visited locations , google takeout import , support other apps except owntracka, beatify it a bit etc but I’m no real Dev .
Either way you might want to have a look
Yeah I’ve tried that with my webdav mount coz its the obvious thing to do.
Problem is local notes are exposed to other apps and unencrypted.
Apps like neutrinote can protect notes in their app sandbox and create a backup mirror in location of choice e.g. a webdav Mount that happens to be behind mtls.
Syncthing does not offer mtls.
Thanks for the info. Will look in to that approach too.
Mtls requires that the android client device has a certificate installed that matches the one installed on the server in order to access it.
“But, thinking about it now, I doubt it will actually affect the feature”
It will not
We don’t need to import a custom CA authority here just to insatll a client cert
Vaultwarden behind mutual tls and reverse proxy and https://github.com/oguzhane/bitwarden-mobile until https://github.com/bitwarden/mobile/pull/2629 is merged
But honestly all services you mentioned are worthy.
Anything that fits your needs imao
I use https://github.com/dgraziotin/docker-nginx-webdav-nononsense
There are many dockerised fileservers
OMV is quite limiting and maybe a little heavy for the pi(?)
Docker is straightforward Idk what to say You install docker and docker compose on host and run some compose.yml’s to spin up your services
RPI4/400 is perfectly capable as a little home server. All it needs is a good SD card.
Owntracks,photoprism,monocker,brave go m-sync,libre photos,wallabag,radicals e,Baikal,Firefox sync,Joplin web,webdav server,jellyfin,vaultwarden,wireguard
1·2 years agoTo re-run the initial setup
Delete nextcloud/data folder
Delete nextcloud/config/config.php file
Add nextcloud/config/CAN_INSTALL file
And docker-compose up
Nextcloud is an overkill. Its just too much. I’d say better split down the needed services. Baikal/radicale etc for contacts/calendar. Photoprism/librephotos etc for photos. A webdav server for storage. And so on.
Ok I’m not any networking expert but I think you are overestimating the risk here.
Opening a port doesn’t mean you are opening your whole home network just the specific services you want. And those not directly but with a web server in front of them . Web servers talked in this tgread that sit in front of open ports are well audited . I think that measures like mtls a generic web server hardening are more than ok to not ever be compromised.
But yeah I’m surely interested to listen if you could elaborate.
Thanks