ClownStatue
@ClownStatue@piefed.social
- Comment on Safely exposing services to the Internet 18 hours ago:
If you’re not going the VPS route it’s even easier. Pangolin handles the wireguard tunnel for you with a docker container running newt. Very straightforward.
My goals have been:
- Avoid opening ports on my home network.
- Don’t require people using my services to join my Tailnet (or some other VPN).
- Require 2FA/passkeys (via Authentik for the moment) on anything that’s publicly accessible.
There’s plenty of YT stuff out there for Pangolin, but I haven’t seen a lot for their cloud service. Personally, I prefer it to self-hosting it. Similar to tailscale, the free tier meets my needs, and their security team is (hopefully) more competent and better staffed than… me.
Of course, you get what you pay for, but I see this as a similar position as Tailscale & Cloudflare. With my free account, I’m piggy-backing off the security infrastructure of their enterprise offerings. Obviously I don’t get all the fine-grained controls of those tiers, but like the other two companies, they have a reputation to uphold, and from that perspective a breach is a breach. Even if it only affects free tier users, it makes them look bad.
- Comment on Safely exposing services to the Internet 1 day ago:
Pangolin handles proxying (it runs traefik under the hood) and cloudflare-like protection (crowdsec). I did self-host it, but the free tier does what I need.
It does set up a wireguard tunnel between itself and the Newt resources you set up. That’s hard for proxy traffic. I have Tailscale set up for any other traffic between my resources.
I asked a similar question as you a few months ago (I think in this community), and one of the responses kind of put the fear in me. I went forward anyway, and never really did anything with my VPS. I’m still setting this new arrangement up, but so far really happy with it.
- Comment on Safely exposing services to the Internet 1 day ago:
I used swag, dockerproxy, and cloudflare in the past. That allowed me to run things without exposing ports on my home router.
I recently moved to Pangolin cloud. Still not exposing any ports on my home server. Also repositioned my VPS to use pangolin as well. Haven’t hashed out the details, but the idea will be to allow port 443 on public IP, and anything else over tailnet.
Moral of the story: look very hard for ways to do what you want to do without having to expose ports on your router. Unless you want your hobby to become your second job. I enjoy self hosting. I don’t enjoy being paranoid about some script kiddie pummeling my setup with some AI-generated attacks while I’m asleep.