ippocratis @ ippokratis @lemmy.ml

https://ippocratis.github.io/

---

Read more

Posts

4

Comments

29

Joined

2 yr. ago

Ok I'm not any networking expert but I think you are overestimating the risk here.

Opening a port doesn't mean you are opening your whole home network just the specific services you want. And those not directly but with a web server in front of them . Web servers talked in this tgread that sit in front of open ports are well audited . I think that measures like mtls a generic web server hardening are more than ok to not ever be compromised.

But yeah I'm surely interested to listen if you could elaborate.

Thanks

He he didnt but thats what he meant

I mean 99% of users use reverse proxy for https public access

Also read the threat replies ...

That's what this thread is about

..........

No?

Yes that's exactly what they do

The funnel exposes your local services to the public over https . Like what you want to accomplish with reverse proxy . Its just more straightforward for a beginner.

Personally I closed my router ports and switched to tailscalr funnels after using caddy with mutual TLS for years.

While using a web server before your self hosted micro services is the obvious answer and caddy the easier to configure, as a beginner you should also consider taiscale funnels. You dont need to mess with router stuff like port forward or caring if you ISP have your router behind a cgnat which is kinda norm nowadays , also dont have to care for a domain name dynamic DNS stuff . You could have a look to my quick how to . All you need is running a script , the ports and desired names of your subdomains and your tailscale auth key. https://ippocratis.github.io/tailscale/

Brave sync server is open source and self host able.

Everything a browser syncs is syncable passwords, history, bookmarks, cards etc

The "issue" is there is not a user interface element to easily add the self hosted instance url

There are workarounds though

You can read my quick how to here

https://ippocratis.github.io/brave/

Headscale does not support funnels unfortunately

Tailscale is not completely foss.

https://tailscale.com/opensource

Owntracks , overland or traccar apps to track device coords when it moves

Then Owntracks offer a very basic webui to show your track or pins within a specific time period on a map

Dawarich has some extra features and can handle google takeout and both Owntracks and overland json's

https://github.com/Freika/dawarich

Traccar has many features too

All apps require a server

I am also starting a web app that fit my needs

It offers search , route grouping , and a date picker .

I'm struggling to implement new features like poi visited locations , google takeout import , support other apps except owntracka, beatify it a bit etc but I'm no real Dev .

Either way you might want to have a look

https://github.com/ippocratis/location-history

Yeah I've tried that with my webdav mount coz its the obvious thing to do.

Problem is local notes are exposed to other apps and unencrypted.

Apps like neutrinote can protect notes in their app sandbox and create a backup mirror in location of choice e.g. a webdav Mount that happens to be behind mtls.

Syncthing does not offer mtls.

Thanks for the info. Will look in to that approach too.

Mtls requires that the android client device has a certificate installed that matches the one installed on the server in order to access it.

https://github.com/deku-messaging/Deku-SMS-Android

Supports emoji & images Supports e2ee if the other party also have deny SMS installed Supports message forwording

Same as above its a speech to text engine not a recorder but honestly thats all you need

https://github.com/ewheelerinc/LocalSTT

"But, thinking about it now, I doubt it will actually affect the feature"

It will not

We don't need to import a custom CA authority here just to insatll a client cert

Vaultwarden behind mutual tls and reverse proxy and https://github.com/oguzhane/bitwarden-mobile until https://github.com/bitwarden/mobile/pull/2629 is merged

But honestly all services you mentioned are worthy.

Anything that fits your needs imao

I use https://github.com/dgraziotin/docker-nginx-webdav-nononsense

There are many dockerised fileservers

OMV is quite limiting and maybe a little heavy for the pi(?)

Docker is straightforward Idk what to say You install docker and docker compose on host and run some compose.yml's to spin up your services

RPI4/400 is perfectly capable as a little home server. All it needs is a good SD card.

Owntracks,photoprism,monocker,brave go m-sync,libre photos,wallabag,radicals e,Baikal,Firefox sync,Joplin web,webdav server,jellyfin,vaultwarden,wireguard

Davx⁵ has Mac OS caldav carddav server integration so you can sync with it.

https://www.davx5.com/tested-with/calendar-and-contacts-server

On android you can use simple calendar or etar to view calendars and "tasks" or jtxboard for tasks/journals