I’ve been researching zero-trust for my homelab recently and I’m considering OpenZiti instead of Cloudflare since I think it can all be self-hosted. The BrowZer from OpenZiti is especially interesting to me. The fact that I’m behind CGNAT is a hurdle though.
Comment on [deleted]
PlutoniumAcid@lemmy.world 4 months ago
Zero trust, but you have to use Amazon AWS, Cloudflare, and make your own Telegram bot? And have the domain itself managed by Cloudflare.
Sounds like a lot of trust right there… Would love to be proven wrong.
min@lemmy.sdf.org 4 months ago
sugar_in_your_tea@sh.itjust.works 4 months ago
Yeah, I practice ZeroTrust principles w/o using any of the above. I use Docker networks to associate services and their data and restrict them from accessing services/data they don’t need. I use HAProxy at the edge to route requests to specific nodes in my network, and all of that operates over my own WireGuard VPN. I’m working on creating VLANs for my network to further segment things, so I can dictate which devices can access which resources. For continuous monitoring and alerting, any separate device connected to my VPN would work (haven’t yet configured that); I personally don’t bother because my SO/kids will tell me if something they use goes down, and knowing a few minutes earlier wouldn’t matter.
You really don’t need AWS, Cloudflare, or Telegram for any of this. That said, it is interesting to read through when crafting your own solution, if only to check which parts you have and what parts you may have forgotten.
Dnb@lemmy.dbzer0.com 4 months ago
You can trust zero of it. Is that not the same?
mosiacmango@lemm.ee 4 months ago
ZeroTrust is a specific type of network security where each device has its access to other devices validated and controlled, not a statement on the trustworthiness of vendors.