ninjan

joined 1 year ago
[–] [email protected] 1 points 10 months ago (2 children)

Only doing resolution for your own domain and DNSSEC solve pretty much all those issues and is pretty darn easy.

And I did say that the web GUI is what you need to lock down; DNS has no vulnerabilities exploitable through port 53 that let an attacker take control of the server.

[–] [email protected] 2 points 10 months ago (3 children)

You can set up a tunnel from your Hetzner VPS to your home with, say, Netbird and then run stuff that would be a bit too expensive to run on rented hardware, like, say, Nextcloud, Matrix or game servers, on your RPi while still having them web accessible thanks to the tunnel.

[–] [email protected] 30 points 10 months ago (1 children)

Worth noting that for new releases far from everything gets released online, and overall the arr focus is on lossless which is the gap in the market. So if you're a (digital) Audiophile with high-end DACs and Headphones then yeah sure, but if you're not and just want to listen to music then no, it's not worth it in my opinion. It's harder to share a banger with a friend, you'll be late to the party when someone new is discovered and you'll need to curate your own playlists all the time. Not to mention filling up your drive with album tracks you're going to listen to once at most.

[–] [email protected] 1 points 10 months ago (4 children)

And I explicitly said "unless you want to rely on a big player".

Personally I'm very fed up with AWS, Cloudflare and Google virtually owning the modern Internet. I selfhost to get away from their spying and oligopoly so routing DNS through them is simply out of the question, for me.

And really it's not that hard these days with pre-packaged Docker containers. I have a fairly complex setup and while I have put hours into it, it wasn't rocket surgery by any means. It's also quite healthy to understand how DNS actually works if you work with the Web imo.

[–] [email protected] 1 points 10 months ago (6 children)

DNS is plenty secure due to its simplicity and age. From the perspective of securing your server that is. DNS has numerous flaws when it comes to security in terms of can you trust the resolved name. But that is another matter.

I'd be more worried about the GUI; keep that behind a secure proxy or don't expose it to the internet at all if we're talking a server at home.

I run my own DNS and it's virtually a prerequisite if you want to host stuff under a personal domain in a smooth fashion. At least if you don't want to rely on a big player like say Cloudflare.

[–] [email protected] 165 points 10 months ago (33 children)

The fuck is he on about?

[–] [email protected] 35 points 10 months ago (11 children)

Smells like Windows if End is God Tier but Home isn't. On the command line, being without either would kill my speed something fierce.

[–] [email protected] 8 points 10 months ago (4 children)

No. Also use at your own risk, read their privacy policy.

[–] [email protected] 2 points 10 months ago

I'm unsure what you're asking for? You could replace Netbird with any other WireGuard implementation and Caddy with any other reverse proxy. I just found those two to be very self-hosting and FOSS-friendly options.

As for what to use it for, it allows me to run Jellyfin from home, while having Authentik be a forward authentication proxy in front of it so only people with an account can reach it while still allowing me to reach it from any device anywhere with Internet. It's very nifty.

[–] [email protected] 9 points 10 months ago (2 children)

I use a VPS I have for many purposes and a setup of Netbird + Caddy to do what Cloudflare does (but without their redundancy and worldwide distribution of hardware of course) but self-hosted. Personally I'm very much against relying on a large corporation which doesn't give a fuck about me as a customer for access to my stuff.

[–] [email protected] 1 points 10 months ago (1 children)

Ok, I can understand your concern now but I feel like you're basically saying that mail and self-hosting in general shouldn't be streamlined at all and be super complex. Because your recommendation puts a lot of the security burden on the end user building their setup of various best-of-breed solutions. You would then yourself have to ensure all inter-solution communication is secure as well as deploy every solution securely. Whereas with an all-in-one it's generally on the developers and the larger FOSS community to ensure the package is secure internally and the end user is only responsible for the deployment (i.e. that they follow the instructions and have reasonable security on the server they deploy to). Theoretically if an end user is very bad at security then your recommendation doesn't end up with a more secure solution overall, it would be just as easy to compromise as the all-in-one, if not easier.

[–] [email protected] 2 points 10 months ago (3 children)

Another user pointed out that there is no webmail built in so all that is contained is stuff that would need to be on the edge, i.e. SMTP and I/JMAP. Those services need direct port communication to the internet. As for the true backend stuff it's not part of the setup since you need to provide your own storage backend and authentication backend. So I don't understand your concern, could you elaborate what they do wrong in your mind?
