Comment on Searching advice for selfhosting critical data
hamsda@lemm.ee 1 week ago
I’ve done nothing special regarding security and have it exposed to the public internet. I intend on having fail2ban look at its logs but I’ve not yet set that up
That sounds kinda dangerous. I remember years ago, when I rented my first vcloud-server, within the first 10 minutes I had bots trying to get in via SSH. I’d be way too paranoid.
I would recommend having it entirely behind a VPN
Yes, that’s my plan. I intend to create a new OpenVPN server on my pfSense with access only to the Nextcloud VM. This would also allow me to share the VPN config files with my friends without a password, as the authentication is done by inline-cert VPN config.
themachine@lemmy.world 1 week ago
You’ll always have bots knocking on your doors. In general keep the doors locked and you are fine.
I highly recommend trying Tailscale with Headscale over OpenVPN.
hamsda@lemm.ee 6 days ago
Is a VPN inside a VPN really improving security at all? Or is there a different reason to use Tailscale inside a VPN?
themachine@lemmy.world 5 days ago
No, I mean instead of OpenVPN I would recommend you look into using Tailscale. If you want to fully self-host it then you can run the open source control plane called Headscale instead of relying on Tailscale’s (the company) free service tier on their own control plane.
The Tailscale client and server are also open source.
hamsda@lemm.ee 5 days ago
Ah, that sounds more interesting. I still have time until I buy everything, there’s still going to be a lot of research, especially with all the ideas and feedback people have given me in this thread.
I’ll definitely try it, thanks!