He he didnt but thats what he meant
I mean 99% of users use reverse proxy for https public access
Also read the threat replies …
That’s what this thread is about
…
No?
ippocratis
- 4 Posts
- 19 Comments
Joined 2 years ago
Cake day: August 2nd, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
Yes that’s exactly what they do
The funnel exposes your local services to the public over https . Like what you want to accomplish with reverse proxy . Its just more straightforward for a beginner.
Personally I closed my router ports and switched to tailscalr funnels after using caddy with mutual TLS for years.
While using a web server before your self hosted micro services is the obvious answer and caddy the easier to configure, as a beginner you should also consider taiscale funnels. You dont need to mess with router stuff like port forward or caring if you ISP have your router behind a cgnat which is kinda norm nowadays , also dont have to care for a domain name dynamic DNS stuff . You could have a look to my quick how to . All you need is running a script , the ports and desired names of your subdomains and your tailscale auth key. https://ippocratis.github.io/tailscale/
Brave sync server is open source and self host able.
Everything a browser syncs is syncable passwords, history, bookmarks, cards etc
The “issue” is there is not a user interface element to easily add the self hosted instance url
There are workarounds though
You can read my quick how to here
Headscale does not support funnels unfortunately
Tailscale is not completely foss.
Yeah I’ve tried that with my webdav mount coz its the obvious thing to do.
Problem is local notes are exposed to other apps and unencrypted.
Apps like neutrinote can protect notes in their app sandbox and create a backup mirror in location of choice e.g. a webdav Mount that happens to be behind mtls.
Syncthing does not offer mtls.
Thanks for the info. Will look in to that approach too.
Mtls requires that the android client device has a certificate installed that matches the one installed on the server in order to access it.
1·1 year agohttps://github.com/deku-messaging/Deku-SMS-Android
Supports emoji & images Supports e2ee if the other party also have deny SMS installed Supports message forwording
Vaultwarden behind mutual tls and reverse proxy and https://github.com/oguzhane/bitwarden-mobile until https://github.com/bitwarden/mobile/pull/2629 is merged
But honestly all services you mentioned are worthy.
Anything that fits your needs imao
RPI4/400 is perfectly capable as a little home server. All it needs is a good SD card.
Owntracks,photoprism,monocker,brave go m-sync,libre photos,wallabag,radicals e,Baikal,Firefox sync,Joplin web,webdav server,jellyfin,vaultwarden,wireguard
Icard is actuality the only alternative that can register as a contactless nfc payment that not relying on google/Apple wallet and its perfectly safe. It’s an actual bank in Bulgaria and is eu regulated and PCI certified
Not Foss. Kinda of a privacy nightmare as you need to verify your identity and location with actual documents but as already said its not google and is a solid option if you are degoogled.
Their release scheme is questianable yes as you said alpha and beta released in play store only then comes the fdroid release As long as there is an fdroid release I cant blame them really but you got a fait point
Feature wise they developed their own open autofill and swipe libs plus I love the layouts. Actually builded my own layout but I like the over logic with bottom / top rows, gesture navigations etc
Aurora store with a google account for playsrtore apps. Fdroid is also installed and I do regullar visits on their website and also on izzyondroid site for new apps. I’ve tried syncthing but sync got corrupted and lost files while trying to figure out what went wrong (maybe a missconfiguration from my side I’m not sure).I never used it again
Notes:Joplin (over webdav)
File manager:material files
Cloud:webdav provider (webdav mount in material files)
Contacts/calendar:davx5-etar
Sms/call log backup:smsIO
Cast:Bubbleupnp (non Foss)
Browser:mull/brave
Password manager:Bitwarden
Office:proprietary
Themes:Substratum
Maps:here (non Foss)
Gsm location provider:MozillaNLP/MicroG
Speetch to text:localstt
Text to speech:Flite/espeak/rhvoice
Keyboard:Anysoftkeyboard
Network scanner:Ning
Find my device:Nulides Findmydevice
Call recorder:BCR(magisk module)
Weather:Geometric Weather
Parental control:Time limit
RSS:read you
App store:obtainium
Bookmarks:wallabag
2fa:aegis
Location history:traccar/owntracks
Email:tutanota
Image2text:OCR
Translate:deepl
Photos:uhuruphotos/photoprism android gallery/Aves/image toolbox
Appops:app manager
Addblocker:addaway
Files encryption:droidfs
Downloader:download navi
Filesync:folder sync(non Foss/paid but best)
Logs:logcat reader
Launcher:nova(non Foss/paid but best)
Doc scan:open scan
Kernel manager:smart pack
VPN/tunnels:wireguard
Nextcloud is an overkill. Its just too much. I’d say better split down the needed services. Baikal/radicale etc for contacts/calendar. Photoprism/librephotos etc for photos. A webdav server for storage. And so on.
Ok I’m not any networking expert but I think you are overestimating the risk here.
Opening a port doesn’t mean you are opening your whole home network just the specific services you want. And those not directly but with a web server in front of them . Web servers talked in this tgread that sit in front of open ports are well audited . I think that measures like mtls a generic web server hardening are more than ok to not ever be compromised.
But yeah I’m surely interested to listen if you could elaborate.
Thanks