Comment

Comment on Safebox: Open-source framework for managing self-hosted apps (Beta)

Alright so I’ll ask a hardball question or two. What precisely are you offering that isn’t just repackaged install scripts and a wireguard wrapper?

What is your / your teams background in software security? The implication of the name and your “branding” are selling a lot - what outside of docker and wireguard are you bringing to the table. On that note: why docker?

Further - you are paywalling remote access… *When your platform is utilizing wireguard. *

Netbird (one of many examples) doesn’t even do that… What’s the reasoning?

I have more but let’s start there.

source

Sort:hotnew top

survirtual@lemmy.world ⁨2⁩ ⁨days⁩ ago
The creator didn’t have a good answer, so there may not be a good one for this project. But the value proposition is actually there.

These self-hosted solutions are riddled with configuration options, often obscure requirements, and countless maintenance pitfalls.

For a disciplined tech person, it is no problem to install and maintain.

For people less disciplined or non-tech, self hosting is ill-advised and can be dangerous.

But even for a tech person, when you have enough docker-compose services laying around, it can start to get a bit overwhelming to keep it all up to date, online, and functional. If you change your router etc you have to recall how things were set up, what port-forwards you need, what reverse lookups, etc etc.

There actually is a gap in usability and configuration management. I could see a product that has sensible defaults that unifies config across these self-hosted services without needing to access the command line.

source
drebora@lemmy.world ⁨3⁩ ⁨days⁩ ago
Our software is basically a web app that makes it easier to install and manage supported third-party apps. Wireguard (currently) is only used for remote access, if you don’t need that you don’t have to turn it on.

For security, everything runs in an isolated sandbox using docker and that also answers your other question.

We do plan to offer a paid remote access service in the future, but it’s totally optional. The same goes for backups, they can be geo-redundant if you use our service, but these are optional feature.

source
- yggstyle@lemmy.world ⁨2⁩ ⁨days⁩ ago
  
  Our software is basically a web app that makes it easier to install and manage supported third-party apps. Wireguard (currently) is only used for remote access, if you don’t need that you don’t have to turn it on.
  
  Right. My point I was driving at is especially with such a diverse offering of wireguard services which do not charge for (effectively) VPN access to your own infrastructure - I was more interested in why your service would be looking to pay gate it as a “premium” feature.
  
  This would be different if we were talking you hosting all these services on your infrastructure but considering the marketing to homelab - I find it to be an unusual choice… And was curious as to the reason for the decision.
  
  For security, everything runs in an isolated sandbox using docker and that also answers your other question.
  
  Right. Docker does sandboxing. That’s a core feature it provides - I’m just trying to ascertain what precisely your company is actually offering outside of a ui wrapper on these established services.
  
  I mentioned earlier that your branding seems to emphasize security - but all I’m seeing is mention of existing security features inherent in the software being wrapped. Does your team do additional tuning for security? Do they have experience in infrastructure security, hardening systems, or the like? To be clear I just want to better understand the branding and what is being offered.
  
  the same goes for backups, they can be geo-redundant if you use our service, but these are optional feature.
  
  Alright so this is a feature that a homelab user can actually use - backups. Could you expand on how you will be managing this feature / plan to implement it once it is offered?
  
  source
  - gyurix@lemmy.world ⁨2⁩ ⁨days⁩ ago
    
    Alright so this is a feature that a homelab user can actually use - backups. Could you expand on how you will be managing this feature / plan to implement it once it is offered?
    
    Very good question, the backup/restore processes are under development. We would like to use the Borg backup for and prepared the backup services for access each others both local network and vpn network. You can find it takeing a look at the source code of the framework-scheduler repository (github.com/safeboxnetwork/…/entrypoint.sh # it is started at line 1339)
    
    source
  - gyurix@lemmy.world ⁨2⁩ ⁨days⁩ ago
    
    I mentioned earlier that your branding seems to emphasize security - but all I’m seeing is mention of existing security features inherent in the software being wrapped. Does your team do additional tuning for security? Do they have experience in infrastructure security, hardening systems, or the like? To be clear I just want to better understand the branding and what is being offered.
    
    Hi, I am one of developers from Safebox and would like to answer your security related questions: you have right, our Safebox platform contains only a HAproxy loadbalancer and Nginx backend proxies to route your domain based TCP packets and does not responsible for security of the 3rd party providers applications. That means Safebox is not more secure as the installed 3rd party applications, because if the application you install isn’t secure or you don’t take care of your passwords, then your data could still be stolen. But it does provide security in the sense that you know where your data is, and you know that it belongs to you.
    
    In addition we plan to develop a ‘homeguard’ plugin for Safebox to manage accessing the main platform and set individualy permissions via backend proxies to access the deployed 3rd party applications.
    
    source
  - drebora@lemmy.world ⁨2⁩ ⁨days⁩ ago
    
    So my point I was driving at - especially with such a diverse offering of wireguard services which do not charge for (effectively) VPN access to your own infrastructure - I was more interested in why your service would be looking to pay gate it as a “premium” feature.
    
    This would be different if we were talking you hosting all these services on your infrastructure but considering the marketing to homelab - I find it to be an unusual choice… And was curious as to the reason for the decision.
    
    Right now, we’re not charging anything for our service. In the future, if we do, it would only cover things like domain registration, proxy setup, and some extra features such as monitoring and traffic analytics.
    
    It’s important to mention that using our service isn’t required for Safebox to work. You can use your own domain provider, set up a VPS with a public IP, point your domain to it, and everything will work just fine.
    
    I asked our developer to answer your other question since he can give you a more accurate answer.
    
    source