androidul
@androidul@lemmy.world
- Comment on Security considerations about hosting Immich from home 2 weeks ago:
assuming that you’re to expose that to the Internet, my recommendation is to deploy only
- WAF solution, such as github.com/corazawaf/coraza-caddy
- bot blocker such as anubis.techaro.lol/docs/admin/environments/caddy
complicate the setup too much and it’s going to rather be more painful to maintain and also much easier to misconfigure.
The WAF covers OWASP Top 10 so that should give you around 70% protection which is still better than nothing
- Comment on Why I moved my Plex library to Jellyfin after 14 years 2 weeks ago:
hmm I wonder if it’s because of the recent subscription hike … hmmmm
- Comment on The first publicly open instance 3 weeks ago:
I was pondering the same for last couple of days and had some thoughts on how to make it feasible. My research led me so far to 2 prerequisites:
- must have Anubis in front
- must have a WAF solution in place that covers at least OWASP Top 10
I found pretty good Caddy documentation that covers both, so I think I’ll deploy a secondary Caddy reverse proxy that’ll perform such ops for public facing services.
Of course, I currently have only 1 Caddy instance reverse proxying my internal services, haven’t reached the part on traffic handling when my devices are connected to the “safe network” (aka my home LAN)
- Comment on Plex’s price hikes prove I was right to switch to Jellyfin 1 month ago:
I started selfhosting just because throwing cash on subscriptions at big corpos is not feasible since subs are increasing on a year-on-year basis. To my mind, if I’m going to self-host to yet again pay sub prices defeats the sole purpose of selfhosting.
That money you can pocket and invest in your own hardware for spare parts, upgrades & the like