Selfhosted

46672 readers

1179 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago

MODERATORS

HybridSarcasm@lemmy.world

HybridSarcasm@lemmy.hybridsarcasm.xyz

353

Come to say thank you. Time to move from proprietary to Open Source (lemmy.world)

submitted 3 days ago by essell@lemmy.world to c/selfhosted@lemmy.world

83 comments fedilink hide all child comments

Thanks to this community I've learned and I'm feeling inspired. I've loved having an NAS for the last few years, but it's woefully under powered for what I'm using it for these days.

So I've ordered some basic PC parts, gonna build a basic setup using an old CPU I got lying about and try the NAS OS I saw talked about on here recently.

TrueNAS looks like a good option with only slight fears it'll go down the well known path to the dark side like so many free options before.

In any event, I'm looking forward to adding Nextcloud and Jellyfin, to trying out Docker and generally having more control over things.

Thanks again to you all for informing and inspiring.

I'll be back if I get questions!

you are viewing a single comment's thread
view the rest of the comments

[–] Trimatrix@lemmy.world 4 points 2 days ago

Use tailscale for host nodes, use tailscale docker container in a compose stack with an app that you sidecar to. That way that app is on your tailnet as if it is its own computer. Use tailscale serve for reverse proxying support of the apps. Then, setup a vps node (I use linodes $5 node) with tailscale and configure that to be your DMZ into your tailnet.

For DMZ, use Caddy, UFW, and fail2ban. Also take advantage of ACLs in the Tailscale admin console to only have the VPS able to route traffic to specific apps you want to expose. My current project is to work in Authelia into this setup so a user logs into one exposed app and is able to traverse to other exposed apps through header / token authentication.

Oh also, segment the tailnet using different authentication keys. Each host node should have its own key, all the apps on a host node should have a shared key, and all public facing clients should have a common shared key. That way in case of compromise you can revoke the affected keys without bringing down your network.