this post was submitted on 19 Jun 2023
3 points (80.0% liked)

Selfhosted

40329 readers
384 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

„Inspired“ from https://lemmy.world/post/287146 and many related questions (also on reddit before).

Why don‘t people like opening Port 443 on their Homerouter? An open Port itself is not a vulnerability because nothing is listening on it, therefore there cannot be any connection established. When forwarding Port 443 From Router to e.g. The Homeservers LoadBalancer / Proxy, this Proxy is the final resolver anyways.

So why doing the more complex and more error prone Route via the VPS / Tailscale / CloudFlare?

I did that some years ago too, but just because i did not have an static IPv4 at home. But speeds were awful and i switched to Routerport + DynDNS and now everything is super performant.

you are viewing a single comment's thread
view the rest of the comments
[–] donnnnnb@lemm.ee 1 points 1 year ago* (last edited 1 year ago) (1 children)

It's typically against the terms of service to open ports less than 1024 (well known ports) of most ISP's for personal internet. That, and there are bots that probe for insecure and misconfigured stuff constantly. Spin up a VPS and take a look at the SSH logs. What if a zero day vulnerability occurs? Are you going to be able to react quick enough to prevent someone from doing damage?

Cloudflare is nice because you no longer need to update your DNS A records, plus it caches data, automatically enables SSL, and absorbs bot traffic for you. Have also tried the Wireguard + VPS route, but that gets expensive because most charge ingress and egress.

[–] SheeEttin@lemmy.world 1 points 1 year ago

It's typically against the terms of service to run any server.