Simplixt

joined 1 year ago
[–] [email protected] 1 points 11 months ago (1 children)

- Don't expose the web interface of wg-easy ( 51821 ) to the internet
- update your docker installation frequently
- Keep the private keys of your clients safe

That's all you need to do.
Personally I also would change the UDP port of WG (via different port forwards of your router). But more for getting through firewalls in public WiFis (e.g. UDP Port 443, 53 or 123)

[–] [email protected] 1 points 11 months ago (1 children)

Do you have an example?

"Open Source + hosted" always involves trust, as you can only look into the Github repository, not if the running hosted application is running identically.

Only exception: It's an E2EE encrypted solution, and everything else happens client-side (example: Bitwarden)

[–] [email protected] 1 points 11 months ago

E-Mail.

And maybe unpopular opinion:

  1. Any service that you use with port-forwarding, besides WireGuard.
    I would never access any self-hosted application without VPN.

  2. Password manager. I want to minimize complexity with my most important data (that's why I'm using KeePass instead of Self-Hosted Bitwarden).

[–] [email protected] 1 points 11 months ago

If you want to secure something, you should know how it works?!

[–] [email protected] 1 points 11 months ago

My journey:

Joplin -> Trilium Notes -> Logseq -> Obsidian

I find Obsidian the most powerfull, because of the PlugIn system and full compatiblity with Android and iPad.

And I realized, it's a stupid idea to have a "knowledge base" in a Docker setup, if you need this knowledge base also for debugging or reinstall your Homelab. So the local installation of Obsidian togeter with Synchting gives you always access to your knowledge, even if the server are down.

However, none of the above have collaborate features. But don't need it.

[–] [email protected] 1 points 11 months ago

Expensive. And I avoid small providers, without any established compliance, where a bored admin could surf through my server root ;)

[–] [email protected] 1 points 11 months ago

Terminal of Proxmox.

pct enter

Now you have SSH

[–] [email protected] 1 points 11 months ago (2 children)

I would repair my capslock next :)

[–] [email protected] 1 points 1 year ago

Create 2 virtual machines.

One Virtual Machine with OpnSense Firewall, where you setup the ProtonVPN WireGuard connection.

One Virtual Machine with your Docker-VM.

Connect both machines via a virtual network, and setup the OpnSense-Firewall so that only internet-traffic through the WireGuard-Gateway is allowed.

That's the most bullet proofed solution, as any connection of your Docker-VM is secured, independent of the VM's configuration.

[–] [email protected] 1 points 1 year ago (1 children)

Obsidian with Calendar + Tasks + DayPlanner + DataView + Templater.

Maybe the Calendar-functionality is a little bit weaker, but otherwise Obsidian is really powerful (and sometimes a little bit overwhelming, with everything you customize with the Plugin ecosystem behind)

[–] [email protected] 1 points 1 year ago

I'm not a fan of the Nextcloud Client, so I just snyc the User-Directory of Nextcloud via Syncthing to my PC/Smartphone/etc.

view more: ‹ prev next ›