Hey all! For the longest time I’ve had a server that hosts some things (e.g. Syncthing), but is only available via SSH tunneling.
I’ve been thinking of self-hosting more things like Nextcloud and Vaultwarden. I can keep my SSH tunneling setup but it might make it difficult to do SSL.
How do you manage the security of having public-facing servers?
Yes. I used to do that when I had no other option. In my early days I managed to get a worm spread by a susceptible sshd in… Red Hat 5ish… don’t remember exactly. But the point being: keeping things secure is hard work. And even then it might not be possible.
These days I use Tailscale and essentially never leave my internal network regardless of being directly connected to it or not.
Set it up with your own DNS server and Tailscale’s ability to forward specific domains to your DNS server and it all just works.