this post was submitted on 29 Dec 2023
98 points (96.2% liked)

Selfhosted

40218 readers
1129 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

I work in tech and am constantly finding solutions to problems, often on other people's tech blogs, that I think "I should write that down somewhere" and, well, I want to actually start doing that, but I don't want to pay someone else to host it.

I have a Synology NAS, a sweet domain name, and familiarity with both Docker and Cloudflare tunnels. Would I be opening myself up to a world of hurt if I hosted a publicly available website on my NAS using [insert simple blogging platform], in a Docker container and behind some sort of Cloudflare protection?

In theory that's enough levels of protection and isolation but I don't know enough about it to not be paranoid about everything getting popped and providing access to the wider NAS as a whole.

Update: Thanks for the replies, everyone, they've been really helpful and somewhat reassuring. I think I'm going to have a look at Github and Cloudflare's pages as my first port of call for my needs.

you are viewing a single comment's thread
view the rest of the comments
[–] Gooey0210@sh.itjust.works 1 points 10 months ago (7 children)

Can i ask you to elaborate on this part

Assume at all times that the box is toxic waste and that is an entry point into your network. Leave it isolated. No port forwards, you already have tunnels for that, don't use it for DNS don't use it for DHCP, Don't allow You're network users or devices to see ARP traffic from it.

I used to have a separate box, but the only thing it did was port forwarding

Specifically i don't really understand the topology of this setup, and how do i set it up

[–] chiisana@lemmy.chiisana.net 2 points 10 months ago (2 children)

Cloudflare tunnel is a thin client that runs on your machine to Cloudflare; when there’s a request from outside to Cloudflare, it relays it via the established tunnel to the machine. As such, your machine only need outbound internet access (to Cloudflare servers) and no need for inbound access (I.e. port forwarding).

[–] Gooey0210@sh.itjust.works 1 points 10 months ago (1 children)

Thank you for your reply, but i actually was asking about the network stuff 😅

I used to use cloudflare tunnels for many years, now i'm a bit too tin foiled to use any cloudflare 😅

[–] chiisana@lemmy.chiisana.net 2 points 10 months ago

Ah sorry I went down the wrong rabbit hole.

I’d imagine an isolated VLAN should be sufficient good starting point to prevent anyone from stumbling on to it locally, as well as any potential external intruder stumbling out of it?

load more comments (4 replies)