Comment on Searching advice for selfhosting critical data
themachine@lemmy.world 1 week agoHaven’t had any issues whatsoever.
I’ve done nothing special regarding security and have it exposed to the public internet. I intend on having fail2ban look at its logs but I’ve not yet set that up (entirely out of laziness).
If you want to be very secure I would recommend having it entirely behind a VPN. I personally use tailscale+headscale for my internal only services but like I said I have Nextcloud publicly exposed as I want to be able to access it from potentially any device.
hamsda@lemm.ee 1 week ago
That sounds kinda dangerous. I remember years ago, when I rented my first vcloud-server, within the first 10 minutes I had bots trying to get in via SSH. I’d be way too paranoid.
Yes, that’s my plan. I intend to create a new OpenVPN server on my pfSense with access only to the nextcloud VM. This would also allow me to share the vpn config files with my friends without a password, as the authentication is done by inline-cert vpn config.
themachine@lemmy.world 1 week ago
You’ll always have bots knocking on your doors. In general keep the doors locked and you are fine.
I highly recommend trying tailscale with headscale over openvpn.
hamsda@lemm.ee 6 days ago
Is a vpn inside a vpn really improving security at all? Or is there a different reason to use tailscale inside a vpn?
themachine@lemmy.world 5 days ago
No i mean instead of OpenVPN i would recmmend you look into using Tailscale. If you want to fully self host it then you can run the open source control plane calles Headscale instead of relying on Tailscale’s (the company) free service tier om their own control plane.
The Tailscale client and server are also open source.