Self-Hosted Main

502 readers

1 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

For Example

Service: Dropbox - Alternative: Nextcloud
Service: Google Reader - Alternative: Tiny Tiny RSS
Service: Blogger - Alternative: WordPress

We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.

Useful Lists

Awesome-Selfhosted List of Software
Awesome-Sysadmin List of Software

founded 1 year ago

MODERATORS

[email protected]

Running a public supertux cart server securely (alien.top)

submitted 10 months ago by [email protected] to c/[email protected]

2 comments fedilink hide all child comments

I want to run my own public supertux cart server since when i connect localy with my friends if we are more than 2 ppl any other will time out and noidea how to fix it so i thought this could be a opertunity on how to secure a exposed server.

I watched the techno tim security video where he said to isolate it on the local network then a local reverse proxy and a cloudflare one

So if i use it in a container is is restricted from the local network? if no how do i do that and do i need a seperate reverse proxy that only has acess to the one container in like a docker network and then i expose the port and make it acesseable with duck dns and then look into cloud flare

any more things i need to reseach and what ressources do you guys recomend for me

top 2 comments

sorted by: hot top controversial new old

[–] [email protected] 0 points 10 months ago (1 children)

A good strategy for having a publicly accessible server that is still 'private' is to forward a port to the internet from the machine that runs SuperTux server on your firewall/router combo, BUT put it through whitelist based access control (ACL), then whenever your friends want to play they just give you there latest IP address (ifconfig.me) and you update the firewall to allow them. Usually this presents to any remote host as a closed/filtered port that the firewall just drops packets for unless the IP matches.

Although I don't recommend security through obscurity by itself, it would be terrifyingly impressive for an attacker to somehow know the specific whitelisted IP addresses and forge them to even get a return packet. I do the same thing with a bedrock server for switches and other less-then-configurable by network devices and it works very well.

What router/firewall combo do you use, any custom firmware? The only way this could not work is if the router does not support it, if it dosen't you should get a new router regardless, all in ones default software is usually buggy and exploitable as hell.

[–] [email protected] 1 points 10 months ago

I use a isp router since i currenltly have my internet through adsl+lte :/