Selfhosted

53408 readers

356 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago

MODERATORS

HybridSarcasm@lemmy.world

HybridSarcasm@lemmy.hybridsarcasm.xyz

150

Using Fail2ban to protect exposed services (arvind.io)

submitted 3 weeks ago by paequ2@lemmy.today to c/selfhosted@lemmy.world

39 comments fedilink hide all child comments

I'm wondering if I'm starting to outgrow Tailscale... my wife keeps having networking issues on Android due to Tailscale, the Nvidia Shield kills the Tailscale app randomly, and my parents' TV doesn't have a Tailscale app...

I feel like the time is approaching to publicly expose some of my services to the internet...

Any other tips?

you are viewing a single comment's thread
view the rest of the comments

[–] Fedegenerate@lemmynsfw.com 5 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

I use tailscale for my non-tech family.

I run a rPi with tailscale, pihole and nginx on it in their house. They connect to the their WiFi, get adblocking for free. They go to "http://homarr.sever/" pihole captures the request, sends it to nginx which reverse proxies to a homarr LXC on my server. From there they can click links to the services which are at "https://service/######.xyz". Again, pihole captures the request, sends it to nginx which reverse proxies it over Tailscale to the appropriate LXC.

One poor soul runs a mini pc with 2 mirrored ssds attached, it runs everything above plus Syncthing. They have the privilege of running the remote back up for the server.

For apps on their phone, I intend to set their phone up with Tailscale and then just have the app go to "http://dockge:1337/"... Just as soon as I learn to write the access controls to allow admins to access everything, users to access services, and services to access nothing. I just looked and there's a gui now so I could maybe do it this winter.

[–] CocaineShrimp@sh.itjust.works 4 points 3 weeks ago (1 children)

Bookmarked this to try this setup next weekend!

[–] Fedegenerate@lemmynsfw.com 3 points 3 weeks ago* (last edited 3 weeks ago)

Honestly, I wouldn't.

I only run it this way because a VPS had 0 WAF, and I'm terrified of opening ports. VPS is the well trodden ground, there's tonnes of guides. Mine's a hack job borne of necessity, it works though, and I am proud of what I cobbled together.

It was my first time solving my own problems. I had my meager skill set, a basic idea of what I wanted, some vague notion of how I was going to achieve it, and a thick forehead to smash against the problem till it gave way for me.

I am going to keep running it this way though. To access my server you need to HAVE a relay rPi, and you need to KNOW a password. That's two authentication factors right there, just built in.