this post was submitted on 27 May 2024
48 points (94.4% liked)

Selfhosted

39964 readers
268 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

Hi!

I often read suggestions to use something like Tailscale to create a tunnel between a home server and a VPS because it is allegedly safer than opening a port for WireGuard (WG) or Nginx on my router and connecting to my home network that way.

However, if my VPS is compromised, wouldn't the attacker still be able to access my local network? How does using an extra layer (the VPS) make it safer?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 18 points 5 months ago (2 children)

I self host because i do not trust companies. I will not even consider giving tailscale the keys to my kingdom.

The company Tailscale is a giant target and has a much higher risk in getting compromised than my VPN or even accessible services.

Understand the technology that you use and assess your use case and threat model.

[–] [email protected] 14 points 5 months ago (1 children)

The company Tailscale is a giant target and has a much higher risk in getting compromised than my VPN or even accessible services.

One must be careful about this mindset. A bunch of smart lightbulbs that are individually operated aren't a particularly appealing target either. However, in aggregate... If someone can write a script that abuses security flaws in them or their default configuration ... even though you're not part of a big centralized target, you are part of a class that can be targeted automatically at scale.

Self hosting only yields better security when you are willing to take steps to adequately secure your self hosted services and implement a disaster recovery strategy.

[–] [email protected] 8 points 5 months ago

To add to this, self-hosting is also best when you minimize everything - limited service, with limited functionality, on dedicated hardware that doesn't share access to your internal network or storage. Folks who use point-and-click apps to install a half dozen unauthenticated docker containers, all open to the internet, running on the same PC they store the only copy of their family photos and music/movie collection on... make me crazy.