TCB13 , (edited ) to selfhosted in Access home server from anywhere

Yes, you can use a Cloudflare tunnel but why? Since you’re into self-hosting why should you depend on some random company to tunnel your traffic when you most likely don’t need it? You also have all the potential tracking, spyware, risks and “being hostage” scenarios that may come with that choice.

The following assumes your use case is a simple home server for “standard arr apps, jellyfin, pi-hole” for personal usage that sits inside your network and your objective is to be able to access those services. If you’re instead trying to host a game server / few services for friends (that doesn’t really need to be “inside” your home network) there’s a more complete comment with other security considerations and recommendations here.

Your basic requirements are:

  • Some kind of domain / subdomain paid or free;
  • Preferably Home ISP that provides public IP addresses - no CGNAT BS;
  • Ideally a static IP at home, but you can do just fine with a dynamic DNS service such as freedns.afraid.org.

Quick setup guide and checklist:

  1. Create your subdomain for the dynamic DNS service freedns.afraid.org and install the daemon on the server - will update your domain with your dynamic IP when it changes;
  2. List what ports you need to access remotely;
  3. Set up WireGuard VPN on the server. There’s also this nice UI that can be used to do most of the setup and create client config files;
  4. For the VPN use custom ports with 5 digits - something like 23901 (up to 65535) to make your service harder to find;
  5. Configure your ISP router to assign a static local IP to the server and port forward the VPN port to the server IP;
  6. Only expose absolutely required services (the VPN port in this case) to the Internet. Any service the server provides, SSH, configuration interfaces and whatnot can be accessed through the WireGuard VPN;
  7. In the server consider setting up nftables / iptables / another firewall 10 minute guide;
  8. Configure nftables to only allow traffic coming from public IP addresses (IPs outside your home network IP / VPN range) to the Wireguard port - this will protect your server if by some mistake the router starts forwarding more traffic from the internet to the server than it should;
  9. Configure nftables to restrict what countries are allowed to access your server. Most likely you only need to allow incoming connection from your country (wiki.nftables.org/wiki-nftables/…/GeoIP_matching).

Since you’re only allowing access to your services through the VPN and you’ve heavily restricted access to the VPN port you’ll be safe. Just a side note, don’t be afraid to expose the WireGuard port because if someone tries to connect and they don’t authenticate with the right key the server will silently drop the packets.

Now if your ISP doesn’t provide you with a public IP / port forwarding abilities you may want to read this in order to find why you should avoid Cloudflare and how to set up an alternative / more private solution.
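
An added example, not part of the comment above: one way steps 6 and 8 of the checklist could look as an nftables ruleset. The interface names, address ranges and service ports are assumptions; 23901 is the example VPN port from step 4.

```nftables
#!/usr/sbin/nft -f
# Added example, not from the original comment.
# Assumed values: eth0 (LAN NIC), wg0 (WireGuard interface),
# 192.168.1.0/24 (home LAN), 10.8.0.0/24 (VPN range),
# TCP 22/80/443 (services on the server).
# 23901 is the example VPN port from the checklist.

flush ruleset

define WG_PORT  = 23901
define LAN_IF   = "eth0"
define WG_IF    = "wg0"
define LAN_NET  = 192.168.1.0/24
define VPN_NET  = 10.8.0.0/24
define SERVICES = { 22, 80, 443 }

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        iif "lo" accept
        ct state established,related accept
        ct state invalid drop

        # ICMP / ICMPv6: path MTU discovery and IPv6 neighbour discovery
        meta l4proto { icmp, ipv6-icmp } accept

        # Step 6: services are reachable only from the LAN or via the tunnel
        iifname $LAN_IF ip saddr $LAN_NET tcp dport $SERVICES accept
        iifname $WG_IF  ip saddr $VPN_NET tcp dport $SERVICES accept

        # Step 8: a source outside the LAN / VPN ranges may reach the
        # WireGuard port and nothing else, even if the router forwards more
        iifname $LAN_IF ip saddr != { $LAN_NET, $VPN_NET } udp dport $WG_PORT accept

        # Everything else hits the drop policy; log a sample for review
        limit rate 5/minute log prefix "nft-input-drop: "
    }

    # The server is not a router: forward nothing
    chain forward { type filter hook forward priority 0; policy drop; }
}
```

Running `nft -c -f` on the file checks the syntax without applying it, which is worth doing before loading rules on a machine you reach over SSH.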

TCB13 , (edited ) to selfhosted in Can I use two different drives?

Hardware or software (BTRFS, ZFS etc…) RAID?

TCB13 , to selfhosted in How should I secure my data on Nextcloud against physical attackers?

SSH into the machine, type the password to unlock and start whatever services you need. If someone shuts it down they won’t be able to get to the data then.

TCB13 , to selfhosted in How should I secure my data on Nextcloud against physical attackers?

Your best bet is not to use Nextcloud in the first place because it will eventually fuckup your data. Same goes for Cryptomator (just google it), it tends to lose files with long names or in folders with a large number of files. There are instances where the vault never opens again also.

A very important thing to consider is that whatever file backend you’re using it should support inotify and fuse-based stuff doesn’t support it. ecryptfs is a good option to encrypt the data, doesn’t fail and it isn’t fuse-based. It’s old however and may not be supported by every system/kernel.

Why can’t you just create a data partition and encrypt with LUKS? Not full disk, just your data partition? VeraCrypt is another option.

TCB13 , to selfhosted in Why and when should I use LVM?

Just move to BTRFS and enjoy it all without LVM.

TCB13 , (edited ) to selfhosted in Self-hosted calendar that isn't Nextcloud and can send e-mail reminders, not just pop-ups

You are right. I’ve some experience with tweaking Baikal’s code, maybe you can implement that notifications feature yourself? The code isn’t perfect and could be simplified… but it doesn’t seem very hard to implement what you’re looking for given their architecture.

TCB13 OP , to technology in Looking for Image Combiner - PhotoScape Alternative

Thanks for the suggestion. The best alternative I was able to find in that website was bggenerator.com/batch_image_combiner.html however it is paid and doesn’t show a preview of the output.

TCB13 OP , to technology in Looking for Image Combiner - PhotoScape Alternative

there is no inbuilt way to do this quickly but it is a trivial amount of work to achieve the same result.

Not trivial if you’ve to do it dozens of times. At some point I automated the task with ImageMagick but that’s also more pain than gain as most times I need to preview the output and adjust the number of cols/rows.

TCB13 , to technology in Why Bother With uBlock Being Blocked In Chrome? Now Is The Best Time To Switch To Firefox

Neither of which are mentioned in the article, for some reason.

What’s your point? The articles are about why you should avoid Firefox… not about suggesting alternatives.

TCB13 , to technology in Why Bother With uBlock Being Blocked In Chrome? Now Is The Best Time To Switch To Firefox

Because Chrome rendering and dev tools are effetely superior to Firefox. That’s why.

TCB13 , to technology in Why Bother With uBlock Being Blocked In Chrome? Now Is The Best Time To Switch To Firefox

Yeah, let’s switch to questionable ethics company number 2 and shady finances.

I used to use Firefox as my primary browser and sometimes even recommended it, but after all those articles I started digging a bit and doing research on what the browser calls and does and I was a bit horrified. What I really don’t like about this Mozilla situation is that tech people tend to see them as the “all savior Mozilla” while, in fact, they’re full of shit.

If you do care about freedom and your privacy use LibreWolf or Ungoogled Chromium.

TCB13 , to technology in Fairphone has created a smartphone that owners can repair themselves - This sustainable smartphone aims to reduce global electronic waste

they certainly don’t care about their customers.

Yes, because if they did they would make sure to provide the security required by GrapheneOS.

TCB13 , to linux in What are the major components of any Linux distribution?

Systemd.
