Comment

Comment on How do you all handle security and monitoring for your publicly accessible services?

With Wireguard there’s really no reason.

Well, that’s kinda of a personal choice. If somebody needs to have services accessible by someone else besides him, that service can’t be behind a VPN (let’s face the truth: we know that we can’t ask all out relatives and friends to use a VPN).

source

Sort:hotnew top

KairuByte@lemmy.dbzer0.com ⁨1⁩ ⁨week⁩ ago
There’s also something to be said about some services being cordoned off in a VPN while leaving some public with security. I don’t necessarily want everyone within my full network if all I want is to share one service with them.

source
- peregus@lemmy.world ⁨1⁩ ⁨week⁩ ago
  For that, you can restrict access to a single service with iptables.
  
  source
  - Xanza@lemm.ee ⁨1⁩ ⁨week⁩ ago
    This is effectively the same damn thing with a single exception. If your VPN is down, there’s no access to your server. If for whatever reason your firewall is down, there’s unrestricted access to your server…
    
    VPN is unquestionably the correct choice 100 times out of 100.
    
    source
    peregus@lemmy.world ⁨1⁩ ⁨week⁩ ago
    
    If for whatever reason your firewall is down, there’s unrestricted access to your server…
    
    I don’t know what kind of firewall you use, but if my firewall is down there is NO traffic at all passing through!
    
    And by the way, since I’ve replied to someone that don’t want to use VPN because he doesn’t want to give access to the whole network, I meant that he could use a VPN AND iptables to restrict the guest access to single services instead of the whole network.
    
    source
    -> View More Comments
Xanza@lemm.ee ⁨1⁩ ⁨week⁩ ago

If somebody needs to have services accessible by someone else besides him, that service can’t be behind a VPN

Again, this is the reason VPS’ exist. If that person needs access, then setup Wireguard…

It’s like saying you don’t need a front gate with an access code because then you would have to give out your own access code. But I mean, the lock has the ability to setup more access codes. And you’re saying the only viable option is the leave the gate open and hire a guard to manage access. It’s just… Weird and wrong.

source
- peregus@lemmy.world ⁨1⁩ ⁨week⁩ ago
  
  Again, this is the reason VPS’ exist.
  
  What? What’s the difference between a VPS and your home server? You may say that’s a good practice to separate things, so maybe have a a VM with public facing services and another with more private stuff reachable only with a VPN. But for something like Nextcloud, it needs to be public (if you’re not the only one using it), but it contains personal stuff and then comes the OP request!
  
  source
  - Xanza@lemm.ee ⁨1⁩ ⁨week⁩ ago
    
    You may say that’s a good practice to separate things
    
    You’re missing the point. VPS isn’t about separating anything… I’m not even sure what you mean by that. VPS is the accepted practice here. Unquestionably. You create private services, and for security you only expose them to the least amount of people possible. You authenticate via VPS connections. You only have to maintain a single database of users to access any number of services, even tens of thousands.
    
    OP is specifically talking about hosting local content that they want to protect. VPS is the solution here.
    
    source
    peregus@lemmy.world ⁨1⁩ ⁨week⁩ ago
    Well…if you edit your post after someone has replied to it at least specify what’s you’ve edited and don’t pretend that the answer that somebody else has already given you wasn’t about your non edited post!
    If you (my mistake) wrote VPS instead of VPN, you can’t pretend that I’ve answered about VPN!
    If you can convince your family member and your friends to use a VPN to use your service, that’s good for you, and I mean it!
    But saying that it’s quite impossible to do that, I think that I’m speaking for 99% of the self hoster (is this correct in English? Bah, you got me!)
    
    source
    -> View More Comments