I have several selfhosted services that I have been using for months, now I wish to access these while I am not at home. Likes of nextcloud, nocodb, wikijs and other media sharing self-hosted services

I would like to know what precautions should I take so no one knows that such a domain exists.

should I purchase a crazy numbered domain like 671341412312.com ? or should I go for .tk domains.

Would like to get some suggestions from this community on other aspects that I am missing.

  • pchrisl@alien.topB
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    VPN is the way to go. Could use this opportunity to upgrade your router. I bought a box from protectli and run OPNsense on it. There’s good documentation on how to set up a wireguard vpn, and the community is vibrant.

    Its also nice because there’s lots of options so its a nice thing to grow and learn with.

  • jbarr107@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    This is my policy: For publicly accessible services like a website, I use a cloudflare tunnel. For restricted access to just a few users, I use a cloudflare tunnel and a cloudflare application to manage access authentication. For my exclusive restricted access to the infrastructure, I used tailscale.

    • r4nchy@alien.topOPB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      I will also be using cloudlfared, but will have to look at tailscale. Really appreciate you mentioning

  • beje_ro@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Warning: tk domains registrar has 0 GDPR.

    Might be irrelevant now, but I didn’t managed to delete my data once I wanted out

    • r4nchy@alien.topOPB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      I never really understood the concept behind their free domains, but I never purchased a free/cheap domain after my first experience of getting charged 2-3 times for renewal.

      However, are you talking about deletion of your personal data or your website data ?

      • beje_ro@alien.topB
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Personal data.

        They also moved a free domain that I have let expire to the paid ones, so if I wanted to renew I would have to pay… Which is kind of fair… They should also make money from somewhere…

        When buying a domain read all the details: renewal fee are mentioned there. For me they were turnoffs in some cases.

        I now have a .ovh as a cheap alternative. Iirc they are dirt cheap when you reserve the domain for 3 years…

  • cmdr_cathode@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Seriously as everyone suggests: use tailscale or another VPN. Tailscale is incredbly easy to setup.

  • AnderssonPeter@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    If you go with a cert try to get a star cert that way you make it a little bit harder for hackers to find your subdomains.

  • BebopTheRocksteady@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    ZeroTeir (or a VPN) - if all you want is to access those services from outside your network

    IMO - the only reason to put something “on the internet” is so that the entire “internet” can access it

    • themightychris@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      this ^ I use ZeroTier, and then point subdomains under my personal domain name at the ZeroTier IP for each of my devices. Then I can use those hostnames but no one else can, and name based virtual hosting is easy via wildcard sub-sub-domains

      For example plex.desktop.mydomain.com -> *.desktop.mydomain.com -> desktop.mydomain.com -> 10.x.x.x

  • coconut-hail@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Try using Tailscale. It’s easy to use & free for personal use. It will only allow devices with Tailscale installed to view your self-hosted services. They have clients for mobile devices, PC’s, Mac’s and even Apple TV etc. Their technology is based on Wireguard so it’s very fast and secure.

    https://tailscale.com/

  • jaredearle@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Getting an obscure domain name doesn’t matter as attackers go straight to the IP address. If you have a certificate on your secret domain name, they have your domain the moment they hit port 443.

    Don’t use “security through obscurity”; instead just secure your services or host a VPN.

  • Antonaros@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    6 to 9 digit .xyz domains are only around $1 a year, every year. That’s what I did and definitely recommend it. You can read more here.

  • Do_TheEvolution@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago
    • install opnsense
    • set up geoip block where only IPs from your own country can ever initiate connection from the outside
    • keep your stuff up to date
    • enjoy security
  • Victorioxd@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Crazy number domain doesn’t provide any security but you can buy a 1.111B class .XYZ domain for as cheap as 0,62USD a year

  • Fun_Chest_9662@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    If it is just for you and no one else you could set up something like twingate in place of a vpn or punching holes in your network. When im out of town or just need to access something internaly when im gone, as long as. I am connected to my twingate connector i have access the what i need. Its also super easy to granularly set access controls to only allow access to systems on specific ports etc. Took the headache of port forwarding, ipsec, and vpn and made it simple to manage and access what i need. Simply run the connector in docker and your all good. Heres the link if you wanna read up on it or try it out. link

  • noaccess@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    cloudflare / cloudflared. No ports exposed, static or dynamic ips do not matter.

  • Bytepond@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Use cloudflared and Cloudflare Zero Trust / Access. You tunnel your services to Cloudflare, who then secures them behind a 2FA wall. No traffic ever goes to anyone aside from you.