He he didn't, but that's what he meant
I mean 99% of users use a reverse proxy for https public access
Also read the thread replies …
That’s what this thread is about
…
No?
Yes that’s exactly what they do
The funnel exposes your local services to the public over https. Like what you want to accomplish with a reverse proxy. It's just more straightforward for a beginner.
Personally I closed my router ports and switched to Tailscale funnels after using caddy with mutual TLS for years.
While using a web server in front of your self-hosted microservices is the obvious answer, and caddy is the easier one to configure, as a beginner you should also consider Tailscale funnels. You don't need to mess with router stuff like port forwarding or care whether your ISP has your router behind a CGNAT, which is kind of the norm nowadays; you also don't have to care about a domain name or dynamic DNS stuff. You could have a look at my quick how-to. All you need is to run a script, the ports and desired names of your subdomains, and your Tailscale auth key. https://ippocratis.github.io/tailscale/


Headscale does not support funnels unfortunately


Tailscale is not completely foss.


Same as above, it's a speech-to-text engine, not a recorder, but honestly that's all you need


“But, thinking about it now, I doubt it will actually affect the feature”
It will not
We don’t need to import a custom CA authority here just to install a client cert


Vaultwarden behind mutual tls and reverse proxy and https://github.com/oguzhane/bitwarden-mobile until https://github.com/bitwarden/mobile/pull/2629 is merged
But honestly all services you mentioned are worthy.
Anything that fits your needs imao
I use https://github.com/dgraziotin/docker-nginx-webdav-nononsense
There are many dockerised fileservers
OMV is quite limiting and maybe a little heavy for the pi(?)
Docker is straightforward. Idk what to say. You install docker and docker compose on the host and run some compose.yml’s to spin up your services
RPI4/400 is perfectly capable as a little home server. All it needs is a good SD card.
Owntracks, photoprism, monocker, brave go-sync, libre photos, wallabag, Radicale, Baikal, Firefox sync, Joplin web, webdav server, jellyfin, vaultwarden, wireguard



Davx⁵ has Mac OS caldav carddav server integration so you can sync with it.
https://www.davx5.com/tested-with/calendar-and-contacts-server
On android you can use simple calendar or etar to view calendars and “tasks” or jtxboard for tasks/journals
Icard is actually the only alternative that can register as a contactless NFC payment that is not relying on Google/Apple wallet, and it's perfectly safe. It’s an actual bank in Bulgaria and is EU regulated and PCI certified
Not FOSS. Kind of a privacy nightmare, as you need to verify your identity and location with actual documents, but as already said it's not Google and is a solid option if you are degoogled.
Your options in aftermarket OS fall into 3 categories imao
those that support relocking the bootloader (graphene, calyx, divest, other smaller projects maybe)
vanilla ROMs with signature spoofing permission so that you can have microg on them. Some even come with microg preinstalled (/e/, iode, Los4mg). And some are gmscompat compatible (voltage, awaken, spark). There are plenty, but they don’t care about signed images and relocking.
some unofficial build of any of the above from a maintainer that cares to sign his own images so that you can relock your BL, as your device supports it.
Channels and groups are not encrypted in tg. Like this community we are now chatting in is not encrypted. I don't see anything wrong in that. As for the tg encryption security audit, I think it's beyond the purpose of the channel I made, so idc.
I don't even know what I am supposed to see here. Global search?
Ok I’m not any networking expert but I think you are overestimating the risk here.
Opening a port doesn’t mean you are opening your whole home network, just the specific services you want. And those not directly, but with a web server in front of them. The web servers talked about in this thread that sit in front of open ports are well audited. I think that measures like mTLS and generic web server hardening are more than OK to not ever be compromised.
But yeah I’m surely interested to listen if you could elaborate.
Thanks