21

As I'm learning more and more about self hosting, I've read repeatedly that the safest option for internally hosted services is to use a VPN from your mobile device (laptop, cell) and connect to your server(s) as needed when outside of your network. That brings me to a predicament of sorts.

Tools like Seafile, Nextcloud, Pydio, and CryptPad offer great collaborative features as well as easy sharing from these services. But if you're not exposing any of these services to the web, how would you share documents or files easily with those outside your network? The share functions will generate a link with your IP:Port, or in my case, a domain name that is only internal. I know you can download a copy and email it separately, but that is a bit clunky. Is there a service or another FOSS app I'm overlooking that allow you to 'publish' items to an external friend or team member in a safe manner?

I've not yet decided on which solution I'm going with. But in the case of CryptPad it seems secure that I would be comfortable hosting externally making this question moot. But I'd likely host it on a VPS instead of my home server just for another layer of separation.

top 20 comments
sorted by: hot top controversial new old
[-] anzo@programming.dev 6 points 1 year ago* (last edited 1 year ago)

I use runtipi.com (posted here already) with cloudfare as tunnel.

If I wanted to use my own wireguard tunnels, like you, I might have used https://gitlab.com/cyber5k/mistborn#what-is-mistborn

[-] Father_Redbeard@lemmy.ml 2 points 1 year ago* (last edited 1 year ago)

Ooh that Mistborn is clever! Thanks. I am currently using Wireguard from my phone to the server. But obviously that's just me.

I did try to spin Tipi up on both home server (unRAID) and my VPS (Ubuntu 20.04) and could not get it to play nice. Looks like a great solution though.

[-] energetic695@lemmy.ko4abp.com 1 points 1 year ago

wow, never heard of this before. looks amazing

[-] furrowsofar@beehaw.org 5 points 1 year ago* (last edited 1 year ago)

Put them on a VPS at a place like Linode. I frankly would not want to run internet facing services on my personal connection. Nor would I want the server on my lan unless I put it on a separate subnet that was firewalls from other stuff.

[-] Father_Redbeard@lemmy.ml 2 points 1 year ago

Good idea, definitely leaning that way. Thanks!

[-] furrowsofar@beehaw.org 2 points 1 year ago

The other thing is that you can favor end to end encyped stuff. Send for example which is the follow on to Firefox send. I actually use Bitwarden send to send files for example which comes with the Bitwarden paid plan.

[-] Father_Redbeard@lemmy.ml 1 points 1 year ago

I am on the Bitwarden paid plan and didn't realize there was a send function. That's awesome!

[-] furrowsofar@beehaw.org 1 points 1 year ago

Actually send was why I joined. Loved Firefox send. There are still random people that host send instances but to be secure you have to trust the server delivering the upload and download page including the server not being cracked. I think I trust Bitwarden not to screw that up at least as much as anyone else. Probably more then I would trust the security of my own VPS.

[-] Father_Redbeard@lemmy.ml 2 points 1 year ago

That's fair. I signed up for the premium sub so I could have emergency contacts in the event I either forget my master password or something happens to me. So until you said something I was completely unaware that it was a service they offered!

[-] briongloid@aussie.zone 1 points 1 year ago
[-] Father_Redbeard@lemmy.ml 2 points 1 year ago

I have one with Rack nerd at the moment that I can mess with. Not impressed with their customer service but it was a $12/yr VPS so I'm not complaining too much.

[-] briongloid@aussie.zone 1 points 1 year ago

What spec does that get you? I've tried cheap 512mb 1 vCore before and it wasn't adequate.

[-] Father_Redbeard@lemmy.ml 2 points 1 year ago

They still have their New Year's deal going here and I bought the middle tier for $12.98/yr

* 1 vCPU Core
* 25 GB Pure SSD Storage
* 1 GB RAM
* 4000 GB Monthly Transfer
* 1Gbps Network Port
* Full Root Admin Access
* 1 Dedicated IPv4 Address

Its been working very well but I'm currently only running Miniflux and Wallabag on it. I tried Nextcloud but found it too much for my needs and was unhappy with the performance. I'm going to try Cryptpad as well as Tipi on it soon. Bear in mind this is my first VPS ever. So I'm far from an expert but this has been a great/inexpensive entry point. And to be fair to their customer service, they replied very quickly. But there was a fairly significant language barrier I think over email. But I was able to get it worked out after a half dozen emails.

[-] briongloid@aussie.zone 1 points 1 year ago

I'm considering 1.5GB for $16.88 per year, comes with a little less monthly transfer but I don't think I will need the difference.

[-] YurkshireLad@lemmy.ca 1 points 1 year ago

Hetzner might be cheaper, but it might be more susceptible to performance issues. I used to use Netcup, which is also cheap, but isn’t VPS would get very slow from time to time, even though my usage was minimal.

[-] Appoxo@lemmy.dbzer0.com 5 points 1 year ago

Risk vs Ease of use. You need to decide if one is worth the other.
I have all my stuff exposed but is hidden behind 2FA.

[-] anzo@programming.dev 3 points 1 year ago

Also, consider resources - costs ratio. Self host (+routing through vps) allows you tu have lots of power with low costs.

[-] Father_Redbeard@lemmy.ml 2 points 1 year ago

Very true. I didn't know if there was some sort of "secure share" that could be leveraged without exposing the main app. Say Seafile, for example. Where a secure link is created and can be sent. I envisioned hosting something like that on my VPS and Seafile (or other) on the home server without exposing it. But reading more about CryptPad, that may be the ticket. Seems plenty secure to host on the web so I may go that way if no other options exist.

[-] NightAuthor@beehaw.org 5 points 1 year ago

I thought a reverse proxy was meant to kinda help mitigate some of the threats of having exposed services….

Idk, I’ve got a domain and a reverse proxy with minimal services exposed to the internet. And those services require a login.

[-] Father_Redbeard@lemmy.ml 1 points 1 year ago

On another thread someone brought up the point that if running multiple services on a server that touches the Internet and one is compromised, the server could be as well. I only started selfhosting early this year, so I am by no means an expert though.

this post was submitted on 27 Aug 2023
21 points (100.0% liked)

Free and Open Source Software

17915 readers
66 users here now

If it's free and open source and it's also software, it can be discussed here. Subcommunity of Technology.


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS