This is a decent writeup on applying "Zero Trust" principles to a home lab using mostly open source tools. I'm not the author, but thought it was worth sharing.

[-] Quik@infosec.pub 8 points 2 months ago

I, too, don’t love the use of AWS/Cloudflare. While I get that you can simply replace AWS S3 with something else for backups, this server setup is innately based on using Cloudflare.

[-] mhzawadi@lemmy.horwood.cloud 12 points 2 months ago

Maybe I should do a write up on my setup, as I don't use Cloudflare or AWS. I do use Backblaze and OVH.

[-] zer0squar3d@lemmy.dbzer0.com 3 points 2 months ago
[-] mhzawadi@lemmy.horwood.cloud 1 points 2 months ago* (last edited 2 months ago)

Will see what I can do, will probably be on https://homelab.horwood.biz/

[-] mhzawadi@lemmy.horwood.cloud 1 points 2 months ago

Have made a start in documenting what I run, not sure how much of how it runs you want.

[-] 01189998819991197253@infosec.pub 1 points 2 months ago

That sounds like a value-added write up.

[-] sugar_in_your_tea@sh.itjust.works 1 points 2 months ago

I'd appreciate it as well.

I have a somewhat sophisticated setup as well that doesn't use Cloudflare (aside from domain and DNS hosting) or AWS (I use a simple Hetzner VPS). I'm considering using Backblaze for backups, and everything else is self-hosted.

One of my main goals is that every responsibility should be modular and have a compatible drop-in replacement. I'm very interested to read what others with a similar perspective have done.

[-] mhzawadi@lemmy.horwood.cloud 2 points 2 months ago

Have made a start in documenting what I run, not sure how much of how it runs you want.

[-] mhzawadi@lemmy.horwood.cloud 2 points 2 months ago* (last edited 2 months ago)

Will see what I can do, will probably be on https://homelab.horwood.biz/

[-] fruitycoder@sh.itjust.works 2 points 2 months ago

What is a good alt for Cloudflare here tbh?

I've done WireGuard, and Tor service to obfuscate the network, and CrowdSec for a good external firewall, and Linkerd gateway to actual services (and Keycloak for SSO).

Besides adding goteleport for more fine grained access, idk what else you could do, but even then idk if it's still competitive as someone else's network taking your DDoS loads lol

[-] anzo@programming.dev 2 points 2 months ago

A cheap VPS with headscale. Or just ZeroTier.com free plan.

[-] fruitycoder@sh.itjust.works 1 points 2 months ago

ZeroTier looks super cool!

this post was submitted on 07 Sep 2024
80 points (80.3% liked)
