this post was submitted on 21 Apr 2024
32 points (92.1% liked)

Selfhosted

40135 readers
79 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

I'm currently running both a home server and a VPS. The former is not reachable through the internet, only through vpn. The latter hosts public services.

The VPS is regularly cutting it very close with storage and today I messed up and crashed the whole stack trying to make an impromptu backup. Lesson learned: we need more storage! I could just rent more storage but just today I updated my home server with 16 TB of raid 1 enterprise HDDs.

So I thought I could maybe do a (wireguard) VPN tunnel directly to some storage service that I host on my homeserver. The upload is not great but realistically I dont need much. The important stuff stays on the VPS. Mainly videos, pictures and other stuff that doesnt get accessed a lot should go there. The rest should be "cached" at the VPS.

I would have to host wireguard on a server port, only have it access one folder which doesnt contain anything important, forward the port on the router and have the vps have the keys. Even if someone gets into the VPS and steals the keys, they only get that one file storage folder.

Has anyone done this? Are there services that do this or do I just host wireguard and thats it?

Thanks for reading. Have a good one! :)

you are viewing a single comment's thread
view the rest of the comments
[–] TCB13@lemmy.world 4 points 6 months ago (1 children)

You can also configure your server to only accept traffic on the VPN port coming from your home IP address if you've a static one. Or.. only allow incoming connection from your country (https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching). This will provide you an extra layer of security.

Either way don’t be afraid to expose the Wireguard port because an attacker won’t even know there’s something listening on that port as it will ignore any piece of traffic that isn’t properly encrypted with your keys;

[–] haui_lemmy@lemmy.giftedmc.com 2 points 6 months ago

Thanks for the info. That sounds doable.