OmltCatJul 12, 2023

Is it considered bad practice to expose selfhosted services on public internet?

https://lemmy.world/post/1404113

Is it considered bad practice to expose selfhosted services on public internet? - Lemmy.world

I see a lot of people here uses some form of remote access tool (VPN/Tailscale) to access their home network when not at home. I can’t really do this because my phone (iOS) can only activate one VPN profile at a time, and I often need this for other stuff. So I chose to expose most web based services on the public internet, behind Authelia. But I don’t know how safe this is. What I’m really unsure are things like Vaultwarden: while the web interface is protected by Authelia (even use 2FA), its API address needs to be bypassed for direct access, otherwise the mobile APP won’t work. It feels like this is negative everything I’ve done so far.

Show threadgiant_smeegJul 12, 2023

Not bad practice just not as secure.

You can’t beat the security of not exposing it but sometimes you need to so then you need to mitigate it with certs, reverse proxy or VPN.

It depends on what you need and what your thread model is.

Show threadilmagicoJul 12, 2023
I have my nextcloud server exposed, I keep it up to date, patched, etc. but I’d love to use the extra protection of a VPN. Just … I don’t think mobile apps work very well with that, unless I keep my phone constantly connected, right? Or is there a smart way to do that?
Show threadSomething Burger 🍔Jul 12, 2023
You can configure your phone to only route traffic to your server though the VPN.
Show threadilmagicoJul 12, 2023
Nice! … how exactly, I wanna know :)
Show threadBdking158
I'm my case, I'm using the OpenVPN server on my router. When I set it up, there was an option for the client to only use the VPN for local traffic. That way it's part of the config file on my phone. Works flawlessly
Jul 13, 2023 at 3:07amWeb