Hey all! For the longest time I’ve had a server that hosts some things (eg Syncthing), but is only available via SSH tunneling.

I’ve been thinking of self-hosting more things like Nextcloud and Vaultwarden. I can keep my SSH tunneling setup but it might make it difficult to do SSL.

How do you manage the security of having public-facing servers?

  • @njinx
    link
    English
    81 year ago

    Why not use a proper VPN instead of SSH tunnels?

    • wispydustOP
      link
      English
      51 year ago

      Mostly a convenience thing, since I only need it on-demand and I usually use SSH for things anyway. As this post suggests I’m obviously rethinking that now :)

      • @njinx
        link
        English
        4
        edit-2
        1 year ago

        A VPN you could use on your phone, computer, laptop, tablet, TV, Samsung SmartFridge, etc. I’ll admit it’s a bit more involved than ssh -L ... but it’s well worth it. Especially if you’re the only one using it. After setting up Wireguard I’ve elimated all my router port forwards except SSH and WG

        • wispydustOP
          link
          English
          11 year ago

          Thanks for the tip! Tailscale was so easy to get into and is worth it like you said.