Cake day: October 3rd, 2023

  • You can still self-host on a rented VPS. And unless you have a managed VPS, then you’re still responsible for the security, and managed hosting is far too restrictive in terms of what you can do. It’s just up to you to decide if you trust that company to host your box.

    And running one at home is cheap as hell.

    This is exactly why I host my own stuff. I know how to tighten up the security to the point where it’s just as safe as it would be sitting on some other company’s system, and I don’t have to worry about what they’re doing with my data, or a data breach. Seen too many companies that are lax on security (such as LastPass).

    I throw extra encryption in place, which means even if someone were to be able to gain physical access, they’ve got a hell of a brute force to go through just to break one part.




  • It’s good if you like self-hosting stuff.

    However, what I tell people is this:

    If you know jack about security and how to lock down a machine that is running Vaultwarden, then it’s useless. You should go with Bitwarden.

    If you’re looking to install it just to play around with, I would be very cautious about what you store there, unless you can lock the system down to where it’s not accessible by the outside internet and localized only to your network.

    And I have redundant backups in place in case one decides to fail, which are all encrypted with GPG and a few other measures.

    If you have it installed and not accessible to anyone else but you, it’s a fun project. I like using VW and BW.

    The other bonus would be no one is going to look to target you specifically unless you’re turned into a target.

    Whereas if BW were to be breached, it wouldn’t have anything to do with you.

    However, BW utilizes encryption, so even if they did somehow manage to get in, they can’t read your passwords.


  • Honestly, what I’m missing is I wish Keybase would release their server source code.

    Zoom has run that software into the ground and buried Keybase in a pile of sh*t. It would be like 10 Christmases in one if someone reversed the client to create an open-source server solution or Zoom released the server code for Keybase.

    I love Keybase. Absolutely love that program. I HATE the company who owns it.


  • You should be backing up your secrets to some type of app like Vaultwarden or KeePassXC.

    And you shouldn’t need to VM host an Android OS just to have a secondary means of authenticating. There are plenty of apps out there that support adding your secrets.

    Vaultwarden, Bitwarden, KeePassXC, or hell, a Yubikey 5 device and then use Yubikey Authenticator.


  • Another option which I’ve used in the past is that you can set your domain up with Cloudflare and then either utilize a Tunnel, or restrict the domain to your own IP address and it will block all external traffic. I’ve utilized it for several projects and it has always worked flawlessly. Haven’t tried the Traefik / HAProxy method.

    But Certbot / Let’s Encrypt is extremely easy to use.




  • Oh damn, thanks. I’ll throw this in Obsidian.

    Reverse proxy is exactly why I don’t have more things set up in Docker. I haven’t quite figured out how it, nginx, and the app work together yet.

    I had to set up Caddy when I installed Vaultwarden, and while that was easy because I had a very good guide to assist me, I would have been completely and totally lost if I had to set up caddy2 on my own.

    So I definitely need to sit down one day and just do a full day’s read on reverse proxy, how it works with Docker and its function, and what I can do with it. Because the vaultwarden setup made it no easier to understand.

    I wanted to actually move nginx and mysql over to docker, but reverse proxy is also the reason that’s holding me back.


  • Thanks, I saw the last link when I first set this up, but not the first two. I’ll go through them and see if I can find the sweet spot.

    It’s hard to tell, because I’m the only user using my Gitea repo website, which is pretty much your own personal GitHub. However, from what I’ve read, even though there may only be one or two users, the usage of Elastic greatly depends on how much code it has to cache. Then when you search for something, Elastic has to go through all that code.

    So from what I understand, the more code you have in a repo, the more Elastic has to work, which makes figuring out the memory a bit of a random gamble.