Hi, my family and I’ve been working on Safebox, an open-source framework that helps you install, manage, and access self-hosted applications such as Home Assistant, Nextcloud, Jellyfin, etc. Safebox runs on Linux, macOS, and Windows (supporting both x86 and ARM64 architectures; Raspberry Pi and Banana Pi hardware has also been tested). It manages domain and subdomain setup, Let’s Encrypt certificates, DNS configuration, and reverse proxy (nginx). It also includes a WireGuard-based remote access feature and a geo-redundant backup system (currently in development).
The project is in beta, and we’re looking for people interested in testing and sharing feedback. All information about Safebox and beta testing can be found in our Discord channel.
If you’d like to try it out, you can start it with Docker:
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock safebox/framework-scheduler
Then open: http://localhost:8080/
Website: https://safebox.network/
GitHub: https://github.com/safeboxnetwork/framework-scheduler
Discord: https://discord.gg/aBP8bz6N8J
We’d really appreciate any feedback or ideas for improvement.
Have you had anyone with experience with security look at this thing? There’s a lot of really questionable practices in your schedule shell scripts. I especially find how you’re handling VPN secrets kinda worrying. And the backup_challenge_clients.sh script isn’t robust at all. Your nginx config has a few bad choices like lack of try_files, the regex \.php$. It’s definitely not hardened so I hope people don’t put this Internet facing.
I’ve spent like 5min in the GitHub to get a feel for the project maturity. Personally, I don’t think this is suitable for actual use yet.
If you’ve not done any security assessments on your project yet, you might not want to (a) call it “Safe”box and (b) might not want to start charging money for it until you do.
I worry you’re setting yourself up for a hard-to-shake-off embarrassment should a nasty vuln be found. Maybe a name like “selfbox” etc that drops the connotation of security would be safer.
Edit: Kudos on the project website though! Looks fricking gorgeous.
Thank you so much for your valuable feedback and kind words.
About the VPN configuration transfer, we’ve thought about it a lot, and in the end this seemed like the best solution: we hide the config behind a long random URL, make it available for 5 minutes, and then delete the link. So, in theory, an unauthorized user would have only five minutes to guess the URL and gain access. If you have a better idea, I’d really appreciate it.
As for backup_challenge_clients.sh, it’s still a work in progress. It doesn’t work in the current beta version, and none of its features are available in the web interface yet. We’ll let you know once it’s implemented.
We’ll fix the nginx config, I promise 🙂 Just keep in mind this isn’t meant to be a public-facing site yet, since there’s no user authentication for now. But we’ll definitely review the web server setup too.
Thanks again for all your feedback, please keep helping us improve.
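The expiring-link scheme described in the reply above, as an added Python example that is not part of the thread or of Safebox's code. It assumes two additions the post does not mention, single-use redemption and storing only a hash of the token; `OneTimeLinkStore` and `guess_odds` are hypothetical names.

```python
import hashlib
import secrets
import time

TTL_SECONDS = 5 * 60  # the five-minute window mentioned in the post


def guess_odds(token_bits, guesses_per_second, window_seconds=TTL_SECONDS):
    """Chance that blind guessing hits one valid token within the window."""
    return min(1.0, guesses_per_second * window_seconds / 2 ** token_bits)


class OneTimeLinkStore:
    """In-memory store for expiring, single-use download tokens (hypothetical)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._entries = {}  # sha256(token) -> (expires_at, payload)

    @staticmethod
    def _digest(token):
        # Only the hash is kept, so a dump of the store or its logs
        # does not reveal a URL that is still live.
        return hashlib.sha256(token.encode()).hexdigest()

    def publish(self, payload):
        """Store payload and return a URL-safe token with 256 bits from the CSPRNG."""
        token = secrets.token_urlsafe(32)
        self._entries[self._digest(token)] = (self._clock() + TTL_SECONDS, payload)
        return token

    def purge(self):
        """Drop every entry whose lifetime has run out."""
        now = self._clock()
        for key in [k for k, (exp, _) in self._entries.items() if exp <= now]:
            del self._entries[key]

    def redeem(self, token):
        """Return the payload once; None if unknown, expired or already used."""
        self.purge()
        entry = self._entries.pop(self._digest(token), None)  # pop = single use
        return entry[1] if entry else None
```

Because a redeemed token stops working, a failed download on the legitimate client is a signal that someone else fetched the link first.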
Very cool, it’s on my list of things to try out at some point
my family and I’ve been working on
I’m curious what this has been like, if you don’t mind sharing 😄 What is each person working on?
Thanks a lot for the kind words and the nice feedback.
The idea and most of the core development came from my father-in-law. He started it years ago with one of his friends. My partner and I joined later to help mostly with testing, using it, and coming up with ideas for what features might make it more practical for everyday use. We spent a lot of time researching similar projects and reading through community discussions to see what people were saying about their experiences and needs in the self-hosted world. We really care about keeping everything simple and transparent, so the UI and website design were done by another friend of my father-in-law.
We know there’s still a lot left to do, and that it’ll probably keep cutting into our Sunday lunches 😄 but we hope it’ll end up being something genuinely useful for others too.
That’s awesome, I haven’t seen many family software projects before.
Looking forward to seeing how it develops!
How is this different from cosmos-cloud.io? The feature list looks identical.
Safebox is more about making it easier for home users to run self-hosted applications. You just need to run a single docker command, and the program will set up the web interface, application installation, SSL, reverse proxy, and optional remote access and geo-redundant backups. Cosmos cloud has more enterprise-level features, such as SSO, 2FA, and anti-DDoS, but it is also more complex.
So, this is like Yunohost or sandstorm.org?
Yeah, it’s similar to Yunohost or Sandstorm in that you can run self-hosted apps easily, but the main difference with Safebox is that it runs on any OS with a single docker command. You don’t need to mess with terminals or commands afterward. Like Yunohost, you can install and manage apps through a web interface, while Safebox also adds geo-redundant backups and optional remote access, all in one interface.



