this post was submitted on 07 Oct 2024
90 points (98.9% liked)
Asklemmy
43963 readers
2048 users here now
A loosely moderated place to ask open-ended questions
If your post meets the following criteria, it's welcome here!
- Open-ended question
- Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
- Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
- Not ad nauseam inducing: please make sure it is a question that would be new to most members
- An actual topic of discussion
Looking for support?
Looking for a community?
- Lemmyverse: community search
- sub.rehab: maps old subreddits to fediverse options, marks official as such
- [email protected]: a community for finding communities
~Icon~ ~by~ ~@Double_[email protected]~
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
The problem for me is I believe you need to open your network firewall for Lemmy and other federated services to work right?
Not really a fan of opening up more attack surface on my home network
Yes, of course. Or search for an external reverse proxy. Cloudflare offers something like this. (You set a Cloudflare server IP as target for your domain and then tell Cloudflare your IP and all traffic is routed over the Cloudflare ecosystem so your actual IP is not publicly used.)
I just opened port 443 and forwarded it to my Docker host and have NPM running there, handling all the forwarding to the individual containers, based on the request, but due to my day job I know what I’m doing :)
I would still always be worried it'd been silently bot netted or something if it's accessible, even through cloudflare
I guess cloudflare does a lot to stop attacks from bots though right?
I never tried it personally but I assume you're pretty save.
https://www.cloudflare.com/products/tunnel/
Does sound pretty reassuring assuming all that works for non http traffic too
I just checked their FAQ. They have information about SSH, SMB, RDP, connecting private networks (VPN), etc. available. I did not dig deeper regarding specific ports, though.
You could always use a reverse proxy on your side just accepting port 443 connections (https) and forwarding to a specific docker container using a specific port without the outside world even knowing.
It also works through reverse proxies.
Is that not essentially the same issue as opening your firewall though? You're still taking requests from outside your network into your network without any authentication until they actually hit the server