So… I see a lot of talk about “security”, but no specifics about HOW this is more secure than searx or searxng (which I use).
What specifically is insecure with searx or xng? and what makes Websurfx MORE secure? Does SearX/NG have memory or other security flaws you can point to? (Ive been searching and can’t find anything specific, unless your self-host is insecure, but that on the user not SearX/NG)
It is my understanding that searx and xng are very privacy focused as when you search it send individualized tokens each time, so it is as if a fresh browser with no previous queries is being used. This is so an ad profile cant be built around you. It is also fully customizable, and in my opinion plenty fast.
I am just playing devils advocate here, I am sure your search engine is fine; however, I just see red flags when someone says “Hey we are better” but then doesn’t explain why. Generic words like “Privacy, Security, and Speed.” multiple times in the write up needs to be expanded upon IMHO.
Note: the benchmark was performed on a 1Mbps connection speed.
That seems… questionably useful as an overall performance indicator. I feel like you should test with a handful more bandwidths in there, up to at least a gigabit connection.
I have Nextcloud hosted internally in a podman container environment. To answer some of your more security related questions, here's how I have my environment set up:
Cloudflare free tier with my own domain to proxy outside connections to the public domain name, and hide my external IP.
A DMZ proxy server with a local traefik container with only ports required to talk to the internal Nextcloud server allowed, and inbound 443 only allowed from the internet (cloudflare).
An Authelia container tied to the Nextcloud container using "Two-factor TOTP" app addon. Authelia is configured to point to a free DUO account for MFA. The TOTP addon also allows other methods of you want to bypass Authelia and use a simply Google auth or other app. I'll be honest, this setup was a pain but it works beautifully when finally working.
Note: Using Authelia removes Nextcloud from the authentication process. If you login through Authelia, if set up correctly it will pass the user information to Nextcloud and present thier account. There is a way to have "quadruple" authentication of you really want it, where you log in through Authelia, Authelia MFA, then Nextcloud and Nextcloud MFA, but who would want that? Lol.
Another Note: If Authelia goes down for whatever reason, you can still log in through Nextcloud directly.
I have all of my containers set to automatically pull updates with the latest tag. This bites me sometimes of major changes happen, but it's typically due to traefik or mariadb changes and not Nextcloud or Authelia.
I have my host operating system set to auto update and reboot once a week in the early morning.
My data is shared through an NFS connection from my NAS that only allows specific IPs to connect. I'd like to say I'm using least privileged permissions in the share, but it's a wide open share as my NFS permissions are not my strong suite.
Alright, I guess I should also use the Cloudflare proxy. I could not find the reason I had not enabled it previously.
I’m a bit confused as to what a DMZ proxy server is compared to a reverse proxy. Is this a separate server you’ve set up specifically to handle inbound traffic where you’ve set up Traefik, or is this a container on your main server where you also host Nextcloud?
As I understand it, Authelia is a SSO solution that seems very beneficial for when I am running several services from the same server. Right now, I only run Nextcloud on the VPS - is there any added security benefit of running it there also, or is this mostly for convenience when hosting multiple services?
Setting up auto update and reboot once a week seems smart. Do you set this up with cron?
I installed nextcloud at first because I was looking for a basic forms app. Not something very complex, just needed something simple. The best I found was Nextcloud Forms. So I ended up driving a nail not with a hammer, but a battering ram. But I knew that I might find other uses later.
Since then, I’ve discovered and used many apps.
Files lets me easily share documents with others with a link.
I started storing recipes in Cookbook, instead of links in a file.
I started storing bookmarks across all my devices in Bookmarks and floccus.
I got into podcasts by subscribing to RSS feeds with News.
I started doing my todo lists digitally with Tasks. This one in particular has very much changed my daytoday along with the android app tasks from tasks.org.
How are you liking the tasks app? I haven’t used it much but I was trying the Deck app for a while as a Trello replacement but found it too basic. I was wondering if the regular tasks app was missing any useful features too.
I actually started with deck and then moved to tasks because I likes the simplicity of a binary “done/not done” as apposed to moving cards across boards (which I used todo/doing/done). Theres a couple features that I use on a given task, like dates, descriptions, and subtasks, but thats it. I suspect that if deck was insufficient for you, thats tasks isnt the right solution either.
I was looking at tasks.org and it seems pretty nice. I think I have two types of tasks usually. Some are more project oriented and fit better with a trello style kanban board, but I also have simpler ones like grocery lists, bill reminders, etc. I use remember the milk for that currently, but I’ll probably try switching.
I was also looking at etesync recently for caldav/cardav but I kind of like the idea of it being integrated into nextcloud better.
Youve reminded me that deck and tasks actually integrate with one another. If you have a deck card assigned to you, it shows up in a special feed in tasks as well. I think its a little clunky but might be a feature of interest. I just opted for all tasks, since my nextcloud is single user.
Related question for those of you running Proxmox... how do you back up the Proxmox host itself? Last time I looked into it the recommended solution was basically manually copy a few folders in /etc or do a full disk backup but that's pretty unsatisfying. Currently I can easily restore any VMs that fail from backup with a few clicks, but if the SATADOM I installed Proxmox onto failed it'd be kind of fiddly to reconstitute and restore all the other settings/networking/etc.
I'd rather there be a dedicated instance to archiving subreddits rather than populate current communities with old stuff. (As in, probably could do this to more than just selfhosted) Read only, if lemmy even works that way, but federated so people on lemmy can link to it and read in app easily. We shouldn't let reddit hold the keys to useful historical information that has been gathered over the years, I feel it needs to be self-hosted and mirrored, but forging a new community culture I think is better than direct baggage from reddit.
I expose quite a few services to the web, so having that extra layer of protection is nice. And it allows me to control what leaves my network from an application perspective, not just TCP/UDP
It really isnt bad. I do most of my computer at home so I really only need a small cloud box to pipe things through when needed.
And I could reduce the B2 price a lot with some deduping of my data, but that’s an ongoing and painfully slow process since I was too reckless with my local backups in the past, so $7 to avoid that process is worth it.
And for electric I suspect it’s pretty low. I’m running 3 raspberry pi, a 4 bay NAS, and one micro PC and I live in an area with pretty cheap electric already. I think my gaming machine probably takes more power in a few hours than the rest of the system does in a day.
Self hosting is actually crazy cheap compared to any kind of corporate solution. Anybody paying for SquareSpace, for instance, could cut their cost by a factor of 20 or more with a FOSS alternative like Ghost Blog.
I know my setup is over engineered a little so I pay a bit more, but my expenses are still under $100 per year for subscription services that support the self hosting.
$2.50 per month for a VPN.
$40 per year for two VPS’s (this is what I know I overpay for since I didn’t really know how much I needed when I set it up, but the time to change it is worth more to me than the extra $10 per year).
$17ish per year for a domain name.
Plex lifetime pass (around $100 one time).
And of course, ten million dollars in man hours spent learning how to use Linux.
Impossible to say without providing more details. But somewhere between 10€ and 200€ a month depending on your setup and how you calculate in hardware costs.
Well, I am paying less, but if you realistically calculate the costs of hardware over its lifetime, this is certainly not unrealistic for many homelabs.
Realistically thinking, my domain name, email, VPN and IPTV are the only things I’m gonna be paying for in the next few months. If that came to £200 a month, I’d die 😭
Power, Domain Name (if using a standard paid one instead of the cheaper route), VPN are the 3 that I pay for that I feel are the bare minimum.
I pay for a domain that's $12, but you could easily get the $1 ones for the same purposes. I pay for a static and service VPN with Windscribe, which comes out to be like $35+$89 respectively. So that's already $136 a year excluding the cost of power. I could cut that cost easily, but I use them for more than just my selfhosting so I feel like it's a fair price for what I get out of it.
The answer to that will be everyone’s favorite “it depends”. Specifically, it depends on everything you are trying to do. I have a fairly minimal setup, I host a WordPress site for my personal blog and I host a NextCloud instance for syncing my photos/documents/etc. I also have to admit that my backup situation is not good (I don’t have a remote backup). So, my costs are pretty minimal:
$12/year - Domain
$10/month - Linode/Akamai containers
The Domain fee is obvious, I pay for my own domain. For the containers, I have 2 containers hosted by the bought up husk of Linode. The first is just a Kali container I use for remote scanning and testing (of my own stuff and for work). So, not a necessary cost, but one I like to have. The other is a Wireguard container connecting back to my home network. This is necessary as my ISP makes use of CG-NAT. The short version of that is, I don’t actually have a public IP address on my home network and so have to work around that limitation. I do this by hosting NGinx on the Wireguard container and routing all traffic over a Wireguard VPN back to my home router. The VPN terminates on the outside interface and then traffic on 443/tcp is NAT’d through the firewall to my “server”. I have an NGinx container listening on 443 and based on host headers traffic goes to either the WordPress or NextCloud container which do their magic respectively. I also have a number of services, running in containers, on that server. But, none of those are hosted on the internet. Things like PiHole and Octoprint.
I don’t track costs for electricity, but that should be minimal for my server. The rest of the network equipment is a wash, as I would be using that anyway for home internet. So overall, I pay $11/month in fixed costs and then any upgrades/changes to my server have a one-time capital cost. For example, I just upgraded the CPU in it as it was struggling under the Enshrouded server I was running for my Wife and I.
You’re my favourite person of this thread so far. Way more information than I need, but the type of post you can come back to and learn things from over and over. Thank you.
It really depends on what you’re doing. In my case the soft costs like domains are pretty negligible compared to how much I seem to spend on more hard disks every six months. You might tell yourself, “96 TB of raw storage will last forever,” but it turns out forever is about a year.
That’s a slight exaggeration. I think it was about 2 years to get close to filling that up. Keep in mind that a chunk of that is unusable due to drive parity.
If I remember correctly ZFS keeps the whole array running whenever one is active (which is basically always). If I remember, I’ll check my UPS when I get home to see the actual power draw. The storage itself is probably cheaper to run than the main server in the rack - a gen8 HP 360p, which is a bit on the old side and I’d guess not terribly efficient being a 1U piece with many small high-powered fans running constantly.
Electricity here isn’t too expensive though, being public hydro power.
selfhost
Hot
This magazine is from a federated server and may be incomplete. Browse more on the original instance.