Allero @ Allero @lemmy.today

Posts

15

Comments

2,193

Joined

2 yr. ago

Yes, I know where this feature is in the settings, but it's got its own issues and I also turn the NAS off for the night, so it's not an option for me.

Guess I am going ahead of myself, yes, which gets even more complicated by having another server (Synology NAS) already installed and messing with networking a little, as internal settings appear to expect the NAS to be the only exposed thing on the network.

Thanks for the link! I've seen that thumbnail, but most guides are solely focused on actually installing Nginx Proxy Manager, which is the easy part, and skip the rest, so I glanced that one over.

P.S. Looks like I did everything right, I just need to sort my SSL stuff to work properly.

Pretty solid! Though insta-ban on everything :80/443 may backfire - too easy to just enter the domain name without subdomain by accident.

Nice to know!

Will try!

Interesting!

But I don't want to mix it too much. I do have a Docker on it with just some essentials, but overall I'd like to keep NAS a storage unit and give the rest to a different server.

I treat NAS as an essential service and the other server as a place to play around without pressure to screw anything

I do remember that and take quite a few precautions. Also, nothing that can be serioisly used against me is in there.

I will eventually!

But for all I understand, it is to put many services on one machine, and I already have a NAS that is not going anywhere

No truly private photos ever enter the NAS, so on that front it should be fine.

VPN is not an option for several reasons, unfortunately.

But I do have a Let's Encrypt certificate, firewall and I ban IP after 5 unsuccessful login attempts. I also have SSH disabled completely.

SSL Test gave me a rating of A

Oh, nice! So I don't have just one, but many external IPs, one for every local device?

Where do I type rpi's IP, just in port forwarding? Or somewhere else?

I want for Nginx proxy, controlled through the Manager, to direct traffic to different physical servers based on subdomain.

I put in nas.my.domain and I get my Synology on its DSM port. I put in pi.my.domain and I get a service on my Pi.

Just me and the people I trust, but there are certain inconveniences around using VPN for access.

First, I live in the jurisdiction that is heavily restrictive, so VPN is commonly in use to bypass censorship

Second, I sometimes access my data from computers I trust but can't install VPN clients on

Third, I share my NAS resources with my family, and getting my mom to use a VPN every time she syncs her photos is near impossible

So, fully recognizing the risks, I feel like I have to expose a lot of my services.

While not supportive of Big Tech, I do appreciate your piece of advice, and understand self-hosting needs differ!

P.S. Also beware, seems like there's a new attack through Tunnels:

https://www.csoonline.com/article/4009636/phishing-campaign-abuses-cloudflare-tunnels-to-sneak-malware-past-firewalls.html

Heard quite a few positive reviews on that one, thanks!

Yup

Actually, I do - 81 is exactly the default port for nginx proxy manager. I just tried to expose it as a testing example, and already closed it back after a success (apparently port forwarding worked just fine, it's just that DMZ messed with it)

And since we're talking about this, what do I do with it next? I have it on my Pi, how do I ensure traffic is distributed through it as a reverse proxy? Do I need to expose ports 80 and 443 and then it would work automagically all by itself?

Worked eventually, was about DMZ on the router for my NAS

Thanks!

Thanks! Syno one didn't work properly, but I got it to work through different means

Thanks!