this post was submitted on 29 Mar 2025
16 points (94.4% liked)
Selfhosted
60320 readers
497 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil.
-
No spam.
-
Posts are to be related to self-hosting.
-
Don't duplicate the full text of your blog or readme if you're providing a link.
-
Submission headline should match the article title.
-
No trolling.
-
Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Stop exposing services like these to the Internet. If you need remote access, use a VPN.
You don't need to own a domain either. Use a free dynamic DNS provider.
And if you don't need remote access, don't bother with that at all. Just run a local DNS server with records for these services with anything under the .internal TLD. Or even just IP address.
HTTPS can come later. It's really not important for traffic that's not sensitive, like no passwords or whatever.
There's no reason not to expose those services to the Internet, they have authentication, and noone can access them without logging in first. There are actually reasons for exposing them, you can share a memo or a file to other people. You should enable HTTPS though to prevent passwords being transferred in clear text.
You assume there is no vulnerability in the web server itself, or a vulnerability that allows bypassing authentication.
Definitely need remote access, and tunneling in every time I want to sync my notes app is way too much work. I've containerized these services as a security layer and you need user creds to access anything without an exploit. I'm comfortable with that level of risk.
Dynamic DNS is a very cool thing I didn't know exists. I'll definitely look into it further! But for the time being I still need a fix for my problem.