Comment on Jellyfin over the internet
dbtng@eviltoast.org 1 week agoWell, I might as well put a dog in the fight. I’m considering my final, actually secure deployment of nextcloud.
This discussion has convinced me that a vpn is the only answer.
And almost everyone says wireguard.
K. Thats what I will build.
EncryptKeeper@lemmy.world 1 week ago
It’s not the only answer, but it’s the one that will get you the most secure with the least amount of effort.
dbtng@eviltoast.org 1 week ago
Ya. I understand VPN.
Nailing down a web server tho … there’s so many ways to attack. There’s so many things to secure. And its a bit complex to manage all that.
The nextcloud site covers hardening the server, but doesn’t even mention vpn.
I’ve been watching threads like this. I’m pretty convinced vpn is the answer.
EncryptKeeper@lemmy.world 1 week ago
Yeah Nextcloud won’t mention VPN for hardening because the assumption is you want it publicly accessible.
I have a number of things publicly accessible and there are a number of things I do to secure them. crowdsec monitoring and blocking, a reverse proxy with OIDC for authentication, a WAF in front of it all. But those are only for the things I have exposed because I want other people to use them. If it’s something just for me, I don’t bother with all that and just access it via VPN.
dbtng@eviltoast.org 1 week ago
Ok. Yes, my use case is a private document and media store. I’m ungoogling.
VPN seems like a good place to start. But I’d like a simple answer, and I expect there are none to be had. As you’ve illustrated here, I’ll find a reason to punch holes in the firewall. And then I’m going to need to secure a web server. Life happens. I’ll keep it simple for now while I sort things. Thanks for your perspective.