Some networks block Wireguard connections.
Dollars to doughnuts they’re blocking the default Wireguard port. Change your Wireguard port to something like 8080 or 8443 and you’ll almost certainly make it through.
CF tunnels to access generic apps I want public.
I totally could move everything that’s on CF tunnels over to Wireguard, but I see no need to do it.
How would you keep the public apps public if you require a wireguard connection to access them?
Yes.
I use all three for different purposes.
It all depends on what my requirements for self hosting something are.
Tailscale has its use when you are behind CGNAT and don’t want to VPS a Wireguard server somewhere with a static IP; other than that, it has no use in my opinion. I’m fully aware that I get downvotes from people who praise the zero trust principles of Tailscale and all the rest, but they always forget that you have been able to do zero trust for decades with any network equipment (VXLAN) and add Wireguard to the mix.
People just forget that all Tailscale is is a fancy GUI for managing Wireguard. That’s it.
Wireguard lacks a lot of user management features so you need a service like Tailscale to handle that, but everything ZeroTier does is something you can already do in Wireguard, just simplified.
How do you access those services from a public network?
With Wireguard?
It’s mostly for internal stuff with a NAS. Uploading and downloading files off a NAS or streaming 4K content can all benefit from 10G.
I got 2x1000v/800w UPSs for $145.
Some light strips to put in TM server rack for $9.
A 24-port patch panel and keystone jacks for $35.
A keyboard drawer for $50.
And a rack-mounted fan for $100.
My 2024 New Year’s resolution is to make my server rack not look like a piece of shit.
Will disabling password login and using pubkey authentication be safe enough?
Just make sure you actually disable password login. Simply enabling key doesn’t disable password. So as long as the password is disabled then you’re fine.
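An added example, not part of the original comment: a shell check of the effective sshd settings, showing that turning on key authentication alone leaves password-style login enabled. It assumes input in the lowercase "keyword value" format printed by `sshd -T`; the function name and both sample configurations are constructed for illustration.

```shell
# Added example (not from the thread). Input format assumed: `sshd -T` output,
# i.e. one lowercase "keyword value" pair per line.

audit_sshd_auth() {
    # Returns 0 only if no password-style method is on and pubkey auth is on.
    awk '
        BEGIN { pw = "yes"; kbd = "yes"; pk = "yes"; bad = 0 }  # OpenSSH built-in defaults
        { key = tolower($1); val = tolower($2) }
        key == "passwordauthentication"          { pw  = val }
        key == "kbdinteractiveauthentication"    { kbd = val }
        key == "challengeresponseauthentication" { kbd = val }  # older name, same option
        key == "pubkeyauthentication"            { pk  = val }
        END {
            if (pw  != "no")  { print "FAIL passwordauthentication " pw; bad = 1 }
            if (kbd != "no")  { print "FAIL kbdinteractiveauthentication " kbd; bad = 1 }
            if (pk  != "yes") { print "FAIL pubkeyauthentication " pk; bad = 1 }
            if (!bad) print "OK key-only login"
            exit bad
        }
    '
}

# Constructed sample: keys were enabled, nothing was disabled.
sample_keys_only_enabled() {
    printf '%s\n' 'port 22' 'pubkeyauthentication yes' \
        'passwordauthentication yes' 'kbdinteractiveauthentication yes' 'usepam yes'
}

# Constructed sample: password and keyboard-interactive both turned off.
sample_hardened() {
    printf '%s\n' 'port 22' 'pubkeyauthentication yes' \
        'passwordauthentication no' 'kbdinteractiveauthentication no' 'usepam yes'
}

for s in sample_keys_only_enabled sample_hardened; do
    echo "== $s"
    "$s" | audit_sshd_auth || echo "-> not key-only"
done

# On a real host: sudo sshd -T | audit_sshd_auth
```

Keyboard-interactive is checked as well because, with PAM in use, it can still prompt for a password after `PasswordAuthentication no` is set.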
This is probably the optimist in me saying this, but I don’t think the data is actually gone.
It’s probably some misconfiguration that is locking people out of their data. That may not functionally be different but technically it’s majorly different. My guess is there will be some announcement made in a few days that they fixed a permissions error and everyone’s data is back.
There’s more than a decade worth of banking, spending, and investment information in there.
That’s the real reason I would self host something like a budget app. I don’t want a company like Mint to have (and sell) my purchasing and financial history.
“self hosted budget management app”. Can’t you just install this type of app to your phone or pc? What’s the purpose here, will you host it and access it from a browser? Or do you only want to backup its data to your server?
I don’t want some third party having access to all of my transaction history and knowing what I spend and where.
I hope I don’t sound stupid please enlighten me.
Your question isn’t stupid. There is an important decision you need to make on “is the juice worth the squeeze.” While you can self host a lot of stuff, sometimes there are better reasons not to. Email is a primary example that gets brought up a lot. Sure you CAN self host it, but for a lot of people on this sub it’s not worth the effort required to do so.
Each person has to make that decision for each of the things they choose to self host. Budget apps are no different.
Same. I ran OwnCloud and Nextcloud in parallel for a while until a Nextcloud update nuked it and my wife lost some of her college work.
After that I’ve appreciated the slower, more deliberate pace of OwnCloud.
Would that be better than just mounting the NFS on the host and assigning that directory as the Immich upload directory?
So your vote is an external library.
Just get a cheap NAS, e.g. from Synology.
Cheap and Synology are mutually exclusive. But I agree with the rest of what you said.
It’s not a good idea due to the load on the router, and a proper NAS would be better.
Because SDN setups are significantly better than Mesh.
It’s basically the same as any other time people expose something to the internet.
Most don’t know what they’re doing or how to do it safely so they put a vulnerable device out in a vulnerable state.
The only reason a NAS is worse is because it’s more common for a home user to have a NAS than it is to do something like host a WordPress, and a NAS has more personal stuff than a WordPress does (usually).
I do. I monitor it in a lot of ways.
Wireguard and Cloudflare Tunnels make network traffic monitoring difficult because it’s all encrypted traffic.
I don’t even let my friends have unrestricted access to my server because I don’t want the liability that could come with one of them searching for/downloading illegal content.
Sure, I would technically fall under safe harbor laws, but I don’t want to spend the money on court/lawyer fees to prove that I’m not the one downloading shit.
I just did a proxmox update and reboot last week, but before that it was months of uptime.