this post was submitted on 04 Mar 2024
70 points (100.0% liked)

Selfhosted

40329 readers
368 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

I'm not great with Docker or networking, so when I picked up an n100 mini pc for self hosting I installed Ubuntu and Tipi to get started.

I used Tipi to install Immich and forwarded my ports, then setup cloudflare tunneling to expose it to the internet. Currently I'm migrating from Google Photos.

But since I'm new to this I'm worried about exposing Immich to the internet without really knowing what I'm doing. Any suggestions on ways to monitor my setup to make sure nothing goes wrong or gets hacked? Ideally any application suggestions would come from the Tipi app store but I'm willing to learn if there's no other option. Thanks!

you are viewing a single comment's thread
view the rest of the comments
[–] wildbus8979@sh.itjust.works 27 points 8 months ago* (last edited 8 months ago) (2 children)

First, I would caution against exposing services to the internet. It would be far better to leave everything behind a VPN that only you or trusted peers can access.

Past that you can use tools like OSSEC, Snort, and fail2ban.

[–] ShunkW@lemmy.world 3 points 8 months ago

Yes, a VPN with strong authentication is what you want.

[–] sacbuntchris@lemmy.world 3 points 8 months ago* (last edited 8 months ago) (3 children)

Thank you. Is leaving everything behind a vpn what Tailscale does?

[–] BearOfaTime@lemm.ee 6 points 8 months ago* (last edited 8 months ago)

Tailscale is a mesh network. It's all encrypted, like a VPN, but not exactly the same thing.

It's kind of like each member of the network having a VPN connection to every other member of the network.

Tailscale has a neat feature called Funnel, which funnels specified inbound traffic from the internet to a specific resource/service/device.

That traffic is encrypted too, starting from the entry point (which is hosted by Tailscale).

This can be useful for example, for something like Nextcloud, so clients don't have to run the Tailscale app to get access.

[–] Player2@lemm.ee 1 points 8 months ago

That's what I do, everything local only and then remote access through Tailscale