These are some quick n’ dirty instructions so people can get up and running fast.
I wish I had known this was possible sooner.
Not sure how much you’re paying for your VPN, but a virtual private server can be had for about $5 per month. You’ll get a real IPv4 address just for you, so you won’t have to use non-standard port numbers. (You can also use the VPS as a self-hosted VPN or proxy.)
$5 per month doesn’t get you much processing power, but it gets you plenty of bandwidth. You could self-host your server on your home computer, and reverse-proxy through your NAT using the VPS.
possiblylinux127@lemmy.zip 11 hours ago
You you setup a proper domain and https for your website instead of having a random IP address and port.
Don’t visit http pages in 2025. It is a major security risk.
EncryptKeeper@lemmy.world 3 hours ago
There’s no security risk viewing this bit of html lmao
possiblylinux127@lemmy.zip 1 hour ago
How so?
Data send back isn’t validated so someone could tamper with the data. A bad actor could add soke arbittary Javascript plus ISPs have been caught inserting marketing materials into pages.
From a privacy perspective it is also bad as not only does it include your user agent in plain text it doesn’t have any encryption on page contents which allows your ISP to snoop on what you are doing.
All of these reasons are while we moved to https. X.509 certs are free and trivial to setup with Caddy or any other Reverse proxy/web server.
surewhynotlem@lemmy.world 3 hours ago
I’ll bite.
The risk is training people in bad behaviors, and then having those people do stupid things like type in a password.
null_dot@lemmy.dbzer0.com 6 hours ago
LOL. On the scale of risky things I’ve done today, visiting this guy’s http website barely rates a mention.
Someone posts about something they’ve learned and the best you can do is dump on them about whatever thing in order to demonstrate to everyone your superior knowledge.
Everyone starts somewhere.
possiblylinux127@lemmy.zip 54 minutes ago
I’m down to help people get https set up. I’m not trying to dunk but rather I’m trying to make the internet a safer place by reducing attacks and mass surveillance.
EncryptKeeper@lemmy.world 3 hours ago
Let’s be real, this guy has no knowledge. He’s just yet another security parrot who doesn’t even understand the why behind the things they’re regurgitating.
humanoidchaos@lemmy.cif.su 11 hours ago
Thanks.
It’s my understanding that https provides encryption for the data sent between you and the server. If you’re not sending any sensitive data, then the encryption shouldn’t be necessary.
Don’t get me wrong, encryption is great even when it isn’t necessary. For my demonstration purposes though, I chose not to include it.
I also believe it’s possible to set up HTTPS encryption without a domain name, but it might result in that “we can’t verify the authenticity of this website” warning in web browsers due to using a self-signed certificate.
possiblylinux127@lemmy.zip 48 minutes ago
You can pickup a cheap domain from gen.xyz. The cheapest domain is $0.99 which is pretty affordable especially since you probably are already paying for a internet connection.
Once you have the domain you can point it to your IP and then set port 443 on that address to point to Caddy. On Caddy you can either configure it as a server or use it as a reverse proxy to point to something else.
Security wise I would put all of this on its own vlan with ACLs to control access. If that sounds confusing start with https.
possiblylinux127@lemmy.zip 10 hours ago
That is a pretty bad take as all data is sensitive. Https also provides integrity to prevent man in the middle attacks.
stratself@lemdro.id 11 hours ago
Let’s Encrypt are rolling out IP-based certs, you may wanna follow its development. I’m not sure if it could be used for your forwarded VPN port, but it’d be nice anyhow
drspod@lemmy.ml 6 hours ago
Anyone with the ability to inject or modify packets in the network path between server and client can inject malicious javascript or browser exploits into an unencrypted HTTP TCP stream. The client’s User-Agent and other headers would allow the attacker to customize their attack to target that specific browser version, and compromise the client machine.
ComradeMiao@lemmy.world 11 hours ago
It takes two seconds to get https and 10 bucks a year for a domain. Come on
N0x0n@lemmy.ml 6 hours ago
Just create your own rootCA and IntermediateCA and sign your certificate with those, put the CA in your trust store of your system and get rid of this self-signed warning on every device and happily access all your service via: *.home.lab or whater ever local domain pleases you.
SMillerNL@lemmy.world 7 hours ago
As others have pointed out, everything can be sensitive. If I’m self hosting nextcloud instance with chat that under British law should check for age… self hosting is now sensitive.
In addition to that, without a secure connection you’re stuck with HTTP/1.1 from 1999 instead of the modern 2 or 3 versions.
You can: letsencrypt.org/…/issuing-our-first-ip-address-ce…