view the rest of the comments
Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
Yes, or else I wouldn't have access to the web interface haha
Wait, so you have the full website exposed to the Internet and you're concerned about enabling ssh access? Because of the two ssh would likely be the more secure.
But either are probably "fine" so long as you have only trusted users using the site.
Yes, hosting the site seems much safer (at least in theory) since I am proxying it through cloudflare and I am planning on putting ngynx too on top of that this afternoon
(And signup is disabled, so hopefully only trusted users can access it)
I am not sure where this idea comes from, but putting a service behind a reverse-proxy does not increase its security in any way, unless you'd do authentication right at the reverse-proxy.
atzanteol is of course correct with the assessment that the web interface poses a much larger attack surface than the ssh interface.
I spent my day today setting up nginx with mtls at work, and I actually think it's a great approach for what op is trying
Oh, I didn't want to suggest that there is no value in using a reverse-proxy, there certainly is. Just don't expect it to do anything for you in terms of application security. The application behind it is just as exposed as it would be without a proxy. So if there was a security flaw in that application, the reverse-proxy does not help at all.