I have several selfhosted services that I have been using for months, now I wish to access these while I am not at home. Likes of nextcloud, nocodb, wikijs and other media sharing self-hosted services

I would like to know what precautions should I take so no one knows that such a domain exists.

should I purchase a crazy numbered domain like 671341412312.com ? or should I go for .tk domains.

Would like to get some suggestions from this community on other aspects that I am missing.

  • pchrisl@alien.topB
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    VPN is the way to go. Could use this opportunity to upgrade your router. I bought a box from protectli and run OPNsense on it. There’s good documentation on how to set up a wireguard vpn, and the community is vibrant.

    Its also nice because there’s lots of options so its a nice thing to grow and learn with.

  • AnderssonPeter@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    If you go with a cert try to get a star cert that way you make it a little bit harder for hackers to find your subdomains.

  • BebopTheRocksteady@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    ZeroTeir (or a VPN) - if all you want is to access those services from outside your network

    IMO - the only reason to put something “on the internet” is so that the entire “internet” can access it

    • themightychris@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      this ^ I use ZeroTier, and then point subdomains under my personal domain name at the ZeroTier IP for each of my devices. Then I can use those hostnames but no one else can, and name based virtual hosting is easy via wildcard sub-sub-domains

      For example plex.desktop.mydomain.com -> *.desktop.mydomain.com -> desktop.mydomain.com -> 10.x.x.x

  • beje_ro@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Warning: tk domains registrar has 0 GDPR.

    Might be irrelevant now, but I didn’t managed to delete my data once I wanted out

    • r4nchy@alien.topOPB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      I never really understood the concept behind their free domains, but I never purchased a free/cheap domain after my first experience of getting charged 2-3 times for renewal.

      However, are you talking about deletion of your personal data or your website data ?

      • beje_ro@alien.topB
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Personal data.

        They also moved a free domain that I have let expire to the paid ones, so if I wanted to renew I would have to pay… Which is kind of fair… They should also make money from somewhere…

        When buying a domain read all the details: renewal fee are mentioned there. For me they were turnoffs in some cases.

        I now have a .ovh as a cheap alternative. Iirc they are dirt cheap when you reserve the domain for 3 years…

  • jbarr107@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    This is my policy: For publicly accessible services like a website, I use a cloudflare tunnel. For restricted access to just a few users, I use a cloudflare tunnel and a cloudflare application to manage access authentication. For my exclusive restricted access to the infrastructure, I used tailscale.

    • r4nchy@alien.topOPB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      I will also be using cloudlfared, but will have to look at tailscale. Really appreciate you mentioning

  • cmdr_cathode@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Seriously as everyone suggests: use tailscale or another VPN. Tailscale is incredbly easy to setup.

  • jaredearle@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Getting an obscure domain name doesn’t matter as attackers go straight to the IP address. If you have a certificate on your secret domain name, they have your domain the moment they hit port 443.

    Don’t use “security through obscurity”; instead just secure your services or host a VPN.

  • Antonaros@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    6 to 9 digit .xyz domains are only around $1 a year, every year. That’s what I did and definitely recommend it. You can read more here.

  • Victorioxd@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Crazy number domain doesn’t provide any security but you can buy a 1.111B class .XYZ domain for as cheap as 0,62USD a year

  • Do_TheEvolution@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago
    • install opnsense
    • set up geoip block where only IPs from your own country can ever initiate connection from the outside
    • keep your stuff up to date
    • enjoy security
  • bgatesIT@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    VPN would be the quick and dirty

    If it’s just select items, an service like azure app proxy maybe

  • Bytepond@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Use cloudflared and Cloudflare Zero Trust / Access. You tunnel your services to Cloudflare, who then secures them behind a 2FA wall. No traffic ever goes to anyone aside from you.