A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
No low-effort posts. This is subjective and will largely be determined by the community member reports.
Resources:
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
Your services would first of all need some sort of integration to report failed authentication attempts to your firewall or you wouldn't have anything to act on to start the block. Sounds complicated edit: and also what fail2ban does by reading logs it seems.
If I were you I would ponder if it wouldn't be easier to just setup a headscale/wireguard/openvpn server and connect to your other services through that.
My favourite home firewall right now would be opnsense
I fuess I can get that info from most services vy parsing their logs.
When using a vpn server, only I could access the services right?
Isnt opnsense only for bsd? I am running linux.
Isnt opnsense only for bsd? I am running linux.
opnsense is bsd based yes, you can either run it on it's own hardware in front of your server or you can run it as a virtual machine and passthrough your hosts network ports to it for WAN/LAN.
When using a vpn server, only I could access the services right?
You can easily setup vpn users for friends/family but a random person on the internet won't reach your services if you block access from WAN and forces everyone to go through the vpn server.
Not exactly sure what you're looking for here; neither fail2ban nor crowdsec are firewalls by their strict definitions.
Are you looking for an IDS/IPS or other security measures? If so, what are you trying to secure?
Inam trying to secure aelf hosted webservices against attackers. I noticed some attack attempts in my caddy logs.
Well, it wouldn't hurt anything to install fail2ban and enable the popular templates, but it sounds like you might need to explain your service layout and how it's exposed to the web before anyone can suggest a security measure.
Generally in the self-hosted space there are two common approaches: set up a VPN into your network for your trusted devices, or set up a reverse-proxy with a trusted tunneling proxy like cloudflare.
That you are seeing "attack attempts" in your caddy logs should be elaborated as well. What exactly are you seeing?
I still need to find a "$35 Raspberry Pi" 🤣
I use k3s with Calico so I can have k8s network policies for each service I’m running.
I use firewalld as generic firewall and fail2ban as IPS/anti-bruteforce solution (blocks IPs using firewalld's ipsets)