I’m just a novice at self hosting and I see a lot of talk about the risks of exposing stuff to the world. Here’s my setup:

-Rpi4 hosting Overseerr
-Desktop computer hosting Nginx and some Cloudflare DDNS update containers

Cloudflare directs request.domain.com to my home IP address. Nginx forces HTTPS and directs the request to the Pi.

Is there any risk in this setup or are there more steps I can take to secure it?

  • @[email protected]
    link
    fedilink
    English
    61 year ago

    Since you’re using cloudflare already you could utilize their cloudflare tunnel feature, that way you don’t need DDNS or any open ports, and your home IP will be hidden.

    • @[email protected]
      link
      fedilink
      English
      31 year ago

      I would rather just making a wireguard vpn and having control of my data, but privacy might not be his concern.

      • @GlitzyArmrest
        link
        English
        11 year ago

        Cloudflare tunnels also do custom certs if you wanted to maintain some amount of privacy.

        • @418teapot
          link
          English
          11 year ago

          Ah yes cloudflare: MITM as a service.

          It really depends on who your adversaries are that you want to keep private. The coffee shop owner + their ISP + your ISP, or cloudflare. Seeing as cloudflare MITMs an insane amount of the internet these days I’m way more suspicious of them than I am of the alternative. If you’re really after privacy I’d recommend self hosting wireguard or something.

          • @GlitzyArmrest
            link
            English
            11 year ago

            Of course, that’s why I said some resemblance of privacy - it’s still more secure (and possibly more private) than just opening ports.

            • @418teapot
              link
              English
              11 year ago

              Right, but that’s why I said it depends who your adversaries are. Really though, think why you care so much about privacy.

              Is it because you’re doing some shady shit? Probably should do everything in your power to avoid clear text communication every step of the way, including cloudflare.

              Or is it (like me) because you are so sick of the corporate surveillance and monetization of your internet activity, and you want to fight back? If that’s the case you should absolutely avoid cloudflare like the plague since they literally see all traffic for every website they sit in front of, which these days, anecdotally feels like >50% of the internet.

      • @[email protected]
        link
        fedilink
        English
        11 year ago

        For public access you would need a VPS somewhere to act as an ingress point, so that might be more than OP wants to deal with.