If you are concerned about TruNAS, go look at Xigmanas. This is the original FreeNAS project before iX acquired the name.
this post was submitted on 11 May 2025
353 points (99.4% liked)
Selfhosted
46672 readers
645 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
founded 2 years ago
MODERATORS
Much appreciated!
Welcome! I personally run proxmox as my host os then virtualize a truenas core VM and have my docker setup in another lxc. A bit more complex than just straight up truenas but its saves me before. I'd recommend looking into it
Thanks! That sounds like one of those things that's a hassle to setup and appreciated in the long run
Its honestly not too bad as a starting point but its definitely harder than just installing truenas. Reason I'd suggest it is that it gives you more flexibility in the long term.
If you want less complexity, something like yunohost or CasaOS can be great too
I have so many things to try and discover!
Thanks, I've made a note of your suggestions, 👍
Its certainly a rabbit hole. If you ever need help shoot me a message. I'm happy to chat about this stuff.
You're a good soul!
What's the self hosted guide to security when opening up ports to the public ?
Use tailscale for host nodes, use tailscale docker container in a compose stack with an app that you sidecar to. That way that app is on your tailnet as if it is its own computer. Use tailscale serve for reverse proxying support of the apps. Then, setup a vps node (I use linodes $5 node) with tailscale and configure that to be your DMZ into your tailnet.
For DMZ, use Caddy, UFW, and fail2ban. Also take advantage of ACLs in the Tailscale admin console to only have the VPS able to route traffic to specific apps you want to expose. My current project is to work in Authelia into this setup so a user logs into one exposed app and is able to traverse to other exposed apps through header / token authentication.
Oh also, segment the tailnet using different authentication keys. Each host node should have its own key, all the apps on a host node should have a shared key, and all public facing clients should have a common shared key. That way in case of compromise you can revoke the affected keys without bringing down your network.
Basically not to. Open one for a VPN like Wireguard to accept incoming connections, and that's it. Use the VPN to connect to your home network and access your services that way.
deploy to dmz
filtered by fw
host based isolation
zerotrust
etc
Don't
No need to worry about it if you don't take the risk. The internet is constantly being scanned by bots.
load more comments
(5 replies)