this post was submitted on 27 Oct 2023
1 points (100.0% liked)

Self-Hosted Main

504 readers
1 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

For Example

We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.

Useful Lists

founded 1 year ago
MODERATORS
 

I set up Nginx Proxy Manager just for general local security, but I'm behind CGNAT so I use ZeroTier (which I'm happy with). I have a Pi with NPM and Adguard plugged into my router, and a bunch of other Docker containers and other self-hosted programs on my main machine. I set up my domain with cloudflare, so mydomain.com points to my local npm address, 192.168.x.x, used the wildcard letsencrypt ssl so i can access my stuff from jellyfin.mydomain.com, adguard.mydomain.com, etc, then set up NPM to point each subdomain to it's correct service, so 192.168.x.x:8096 => jellyfin.mydomain.com. I also setup adguard with wildcard DNS rewrites.

However, I used wireshark to check if all was well, but the traffic between my main machine and my pi is unencrypted. This makes sense in retrospect, but kind defeats the point of what I was going for, since I have not-so tech savvy family members, and having the password for stuff like guacamole just floating around the LAN in plain text is kind of off-putting. I figured I'll just centralise the more important services on the pi since it doesn't have the http issue, or maybe expose the docker socket of my main machine with tls enabled? If there's another way of doing things, or if I've missed something, I'd be grateful for any advice, but I'd rather not have to deal with self-signed certificates.

you are viewing a single comment's thread
view the rest of the comments
[–] bufandatl@alien.top 1 points 1 year ago

I use traefik as reverse proxy in front of my services and have it generate let‘s encrypt certificates with dns-challenge. Do Inexpect MIM attacks at my home. No not necessarily because they would be physical access to my infrastructure but yeah having it this way feels just better.