1·
59 minutes agolisten to my podcast, guys. /s
- 0 Posts
- 41 Comments
Joined 7 days ago
Cake day: February 5th, 2025
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
lol Mac only. Wants you to sign up for spam to “request” your OS. No thanks.
4·6 hours agoWhy do like, houses have doors man. You gotta eliminate all points of egress for security, maaaan. /s
There’s no particular reason to disable root, and with a hardened system, it’s not even a problem you need to worry about…
There’s no real advantage to disable the root user, and I really don’t recommend it. You can disable SSH root login, and as long as you ensure root has a secure password that’s different than your own account your system is just as safe with the added advantage of having the root account incase something happens.
I enjoyed this video: https://www.youtube.com/watch?v=fuWPuJZ9NcU
You can’t really disable the root user. You can make it so they can’t login remotely, which is highly suggested.
The entire point of selfhost is to host private services not available to the public. By literal definition, that’s allowing only local traffic to connect to your services. It’s infinitely more secure. A VPN allows you to extend those services over the clearnet to authorized devices via virtualized networks. You don’t have to worry about messing with inbound/outbound ports, or worrying about software failure or misconfigurations accidentally exposing you to the clearnet. You don’t have to worry about DDoS, or abuse. Being attacked? Bring down your VPN and that completely shuts down your issue. Your network is completely unreachable by anyone but a local host.
There’s simply no room for an argument. VPN is objectively better in all possible situations.
I don’t know what kind of firewall you use, but if my firewall is down there is NO traffic at all passing through!
Only a hardware firewall would do this. If it’s software, like implied in your post, no traffic is filtered and all connections are accepted.
VPN is the least amount of work for the most secure setup. There’s nothing to even argue, its superior in every way.
There is. It’s called VPN Split Tunneling.
If you want to proxify your connection between you and a service, you enable the split. If you don’t care, or want to not use the VPN, then disable it for that application. So it’s effectively “proxify all connections to this app,” which is the same as your use case.
This is effectively the same damn thing with a single exception. If your VPN is down, there’s no access to your server. If for whatever reason your firewall is down, there’s unrestricted access to your server…
VPN is unquestionably the correct choice 100 times out of 100.
You may say that’s a good practice to separate things
You’re missing the point. VPN isn’t about separating anything… I’m not even sure what you mean by that. VPN is the accepted practice here. Unquestionably. You create private services, and for security you only expose them to the least amount of people possible. You authenticate via VPN connections. You only have to maintain a single database of users to access any number of services, even tens of thousands.
OP is specifically talking about hosting local content that they want to protect. VPN is the solution here.
Your use case, and OPs, are completely different scenarios. I can’t tell if you’re being purposefully disingenuous or just flippantly stupid.
What’s the weirdest one you’ve tried?
NixOS.
Most challenging?
NixOS.
Have you found any really cool defining features in any distro?
Flakes. lol
systemd
Alpine is my daily driver. Been that way for 2-3 years now.
- AMD Ryzen 5 7600x
- 32GB DDR5
- NVIDIA GeForce RTX 4060
It’s not just for underpowered hardware. 🤷♂️
Why not swap from nginx-proxy-manager to Caddy2, which can handle everything? SSL and reverse_proxy?
Correct. If space is such a big problem for you that it’s unconscionable to use a 4U mini rack (which again, like what the fuck), then mounting hardware on the wall is a completely valid option. It’ll take up zero floor space.
If somebody needs to have services accessible by someone else besides him, that service can’t be behind a VPN
Again, this is the reason VPNs exist. If that person needs access, then setup Wireguard…
It’s like saying you don’t need a front gate with an access code because then you would have to give out your own access code. But I mean, the lock has the ability to setup more access codes. And you’re saying the only viable option is the leave the gate open and hire a guard to manage access. It’s just… Weird and wrong.
He’s wrong. They’re cheaper because the manufacturer makes money off selling advertisements.