view the rest of the comments
Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil.
-
No spam.
-
Posts are to be related to self-hosting.
-
Don't duplicate the full text of your blog or readme if you're providing a link.
-
Submission headline should match the article title.
-
No trolling.
-
Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details. Tags [CBH] or [AIP] are required, see the links in Rule 8 for details.
-
AI-related discussions and AI-involved promotional posts have additional requirements for tagging, as noted in Rule 7 and the AI & Promotional Post Expanded Rules post, and find example disclosures here.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
Thanks to both of you, my same thoughts, but I also wanted to hear an outside perspective as I am not so well versed in IPv6. But it sounds reassuring. Shall I also consider exposing some HTTP/S services for media over IPv6 is also relatively safe, as long as I have MFA etc?
@filister You should keep in mind that every "normal" HTTPS certificate is recorded publicly (certificate transparency, see e.g. crt.sh). If you do expose services, you most likely won't get security by obscurity. You might be able to keep your services a bit more hidden when you expose them with IPv6 only, but not when you use a Let's Encrypt certificate with a proper DNS entry.
True, maybe the best way then is to expose them only within your Wireguard network.
Yes, that's fine as long as whatever you're hosting is designed to be safely used on the internet. Just keep it up to date and only expose the stuff you need to. I would suggest setting up fail2ban to block IPs that repeatedly fail to log in though. Depending on what you're hosting, you may need bot protection, but if all they can see is a login page, they shouldn't be too much of an issue.