Self-Hosted Main

504 readers

1 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

For Example

Service: Dropbox - Alternative: Nextcloud
Service: Google Reader - Alternative: Tiny Tiny RSS
Service: Blogger - Alternative: WordPress

We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.

Useful Lists

Awesome-Selfhosted List of Software
Awesome-Sysadmin List of Software

founded 1 year ago

MODERATORS

communick@selfhosted.forum

Nervous About Opening Ports... (alien.top)

submitted 1 year ago by cap10canuck@alien.top to c/main@selfhosted.forum

10 comments fedilink hide all child comments

...and even wondering if I really need to. I am often guilty of making that "one tweak too many", breaking a nice, working system in the process!

I have everything set up according to the best walk-throughs I can find. Have dockerized containers for Nginx Proxy Manager, Authentik and a ton of the standard *arr apps and tools (using OMV as a NAS). Have my own domain name, hosted on Cloudflare, with CNAMES set up, proxied through Cloudflare, pointing back to my main record. I can do full domain name resolution inside my home network, with working HTTPS connections to all my app web GUIs. I also have the ability to private VPN into my home network, using Wireguard, OpenVPN or IPsec.

I would probably be happy to continue to use my VPN connection to the home network when I am remote, BUT... I really would like to give Overseerr access to a couple of remote family members that have access to my Plex library (populated by Sonarr/Radarr). My finger often hovers over the Port Forwarding option on the router, but I ultimately chicken out. Am I being paranoid?? Should I just educate my family members on how to connect to my network via VPN? Anyone else made this choice? Looking for success (and maybe horror) stories before I potentially proceed.

you are viewing a single comment's thread
view the rest of the comments

[–] jerwong@alien.top 1 points 1 year ago (2 children)

You'll be fine. It's exactly what I do. Just keep any exposed services up to date. NPM also has a very rudimentary blocker that mostly relies on UA and bad strings getting passed through. You can turn that on. Open up only services that need to be exposed e.g. don't expose sonarr/radarr unless there's a good reason for it. Make sure anything you expose that doesn't have any sort of authentication can have it implemented in nginx or you can use an SSO solution.

I expose strictly needed services while everything else is just internal. Exposed services include jellyfin, jellyseer (jellyfin version of overseerr), and nextcloud.

[–] cap10canuck@alien.top 1 points 1 year ago (1 children)

That is almost exactly what I would like to do, but with Plex/Overseerr. I am curious, do you run any type of intrusion detection s/w, or have you set up fail2ban?

[–] jerwong@alien.top 1 points 1 year ago

I have fail2ban for SSH but I haven't tuned it for nginx yet. I've worked with OSSEC which has a fork called Wazuh which I've been wanting to set up.