Is exposing it to the internet not an option? Boarding more family members on could be cool.
Comment on What's up, selfhosters? - Sunday thread
MonkeMischief@lemmy.today 6 days ago
I have a family member across the country that wants to break from Google and really isn’t the type to self-host themselves, and I connect to my self-hosted Nextcloud solely through Tailscale.
Nextcloud permissions seem easy enough, but I’m researching how to add them to my Tailnet safely to avoid potential compromise of my network if something happens to their system.
Presuming this involves ACLs, which look intimidating, but I’m doing some research on that.
tofuwabohu@slrpnk.net 6 days ago
sugar_in_your_tea@sh.itjust.works 6 days ago
I expose mine for convenience, and I use multiple layers of security to reduce risk:
- Cloudflare protections at edge
- IP filtering at VPS
- connection from VPS to NAS is over Wireguard
- TLS handled in my network (so no snooping at VPS)
- all exposed services are in containers with minimal access
That cuts most of the issues.
MonkeMischief@lemmy.today 5 days ago
It might be some way, however not easily. My mega-corpo ISP blocks incoming connections on common hosting ports, because they want to ~~keep the network safe~~ sell expensive home-business plans. Lol
I’m also very amateur at this as I go along, and I’m not sure I’m ready to deal with the fallout of missing some security step and getting my server botted or ransomwared lol.
I haven’t done the hardware stuff with setting up my own router/firewall box either, for instance.
So Tailscale works really well for me by seemingly magically bypassing a lot of that nonsense and giving me less to worry about. They allow 3 users for free, but have a relatively inexpensive family plan for like 6 users as well, if that becomes necessary.
I mainly just need to tell them not to try and use my server as an exit node if they’re across the country 😂.
But yeah definitely, I’m using this as a way to test the waters for running service alternatives as the web we knew collapses around us lol. I’m not ready to be running something people really rely on yet, though. :)
rumba@lemmy.zip 6 days ago
ACLs are not as bad as they look.
Get your nextcloud instance hooked into tailscale
You just need a sample file
Group for admins, add yourself
Tag owner for internal is admins
Tag owner for nextcloud is admins
Action accept, src admin, dst :
Action accept, src nextcloud, dst nextcloud *.
Then tag your nextcloud ts connection as nextcloud in the webadmin
Tag all your other clients admin in the webadmin
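As an added example (not part of any comment in this thread, and not Tailscale's own code): a constructed policy in the groups / tagOwners / acls shape sketched above, extended with a hypothetical `group:family` so a relative can reach only the Nextcloud node, plus a simplified default-deny checker to sanity-check it offline. The e-mail addresses, `group:family`, port 443 and the checker functions are assumptions; the checker ignores port ranges, named hosts and autogroups.

```python
import json

# Constructed policy in Tailscale's policy-file shape (groups, tagOwners, acls).
# The e-mail addresses and group:family are placeholders, not from the thread.
POLICY = {
    "groups": {
        "group:admins": ["me@example.com"],
        "group:family": ["relative@example.com"],
    },
    "tagOwners": {
        "tag:nextcloud": ["group:admins"],
        "tag:internal": ["group:admins"],
    },
    "acls": [
        # Admins reach everything on the tailnet.
        {"action": "accept", "src": ["group:admins"], "dst": ["*:*"]},
        # Family members reach only HTTPS on the Nextcloud node.
        {"action": "accept", "src": ["group:family"], "dst": ["tag:nextcloud:443"]},
    ],
}

def _src_matches(policy, src, who):
    """who is a user e-mail or a tag; src is one entry of a rule's src list."""
    if src in ("*", who):
        return True
    return who in policy["groups"].get(src, [])

def _dst_matches(dst, target, port):
    """dst is 'target:port'; either half may be the wildcard '*'."""
    want_target, _, want_port = dst.rpartition(":")
    return want_target in ("*", target) and want_port in ("*", str(port))

def allowed(policy, who, target, port):
    """Default deny: a connection passes only if some accept rule matches."""
    for rule in policy["acls"]:
        if rule["action"] != "accept":
            continue
        src_ok = any(_src_matches(policy, s, who) for s in rule["src"])
        dst_ok = any(_dst_matches(d, target, port) for d in rule["dst"])
        if src_ok and dst_ok:
            return True
    return False

if __name__ == "__main__":
    print(json.dumps(POLICY, indent=2))  # the policy in policy-file shape
    print(allowed(POLICY, "relative@example.com", "tag:nextcloud", 443))
    print(allowed(POLICY, "relative@example.com", "tag:internal", 22))
```

Because nothing matches by default, the relative's device gets no path to anything tagged `tag:internal`, which is the containment property asked about earlier in the thread.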
MonkeMischief@lemmy.today 5 days ago
Thanks! This is very helpful! I really appreciate it! :D
rumba@lemmy.zip 5 days ago
No problem. They really should spend about 10 hours having somebody make a GUI for it