As I’m learning more and more about self hosting, I’ve read repeatedly that the safest option for internally hosted services is to use a VPN from your mobile device (laptop, cell) and connect to your server(s) as needed when outside of your network. That brings me to a predicament of sorts.

Tools like Seafile, Nextcloud, Pydio, and CryptPad offer great collaborative features as well as easy sharing from these services. But if you’re not exposing any of these services to the web, how would you share documents or files easily with those outside your network? The share functions will generate a link with your IP:Port, or in my case, a domain name that is only internal. I know you can download a copy and email it separately, but that is a bit clunky. Is there a service or another FOSS app I’m overlooking that allow you to ‘publish’ items to an external friend or team member in a safe manner?

I’ve not yet decided on which solution I’m going with. But in the case of CryptPad it seems secure that I would be comfortable hosting externally making this question moot. But I’d likely host it on a VPS instead of my home server just for another layer of separation.

    • Father_Redbeard@lemmy.mlOP
      link
      fedilink
      arrow-up
      2
      ·
      edit-2
      1 year ago

      Ooh that Mistborn is clever! Thanks. I am currently using Wireguard from my phone to the server. But obviously that’s just me.

      I did try to spin Tipi up on both home server (unRAID) and my VPS (Ubuntu 20.04) and could not get it to play nice. Looks like a great solution though.

  • flatbield@beehaw.org
    link
    fedilink
    English
    arrow-up
    5
    ·
    edit-2
    1 year ago

    Put them on a VPS at a place like Linode. I frankly would not want to run internet facing services on my personal connection. Nor would I want the server on my lan unless I put it on a separate subnet that was firewalls from other stuff.

      • flatbield@beehaw.org
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        The other thing is that you can favor end to end encyped stuff. Send for example which is the follow on to Firefox send. I actually use Bitwarden send to send files for example which comes with the Bitwarden paid plan.

          • flatbield@beehaw.org
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            Actually send was why I joined. Loved Firefox send. There are still random people that host send instances but to be secure you have to trust the server delivering the upload and download page including the server not being cracked. I think I trust Bitwarden not to screw that up at least as much as anyone else. Probably more then I would trust the security of my own VPS.

            • Father_Redbeard@lemmy.mlOP
              link
              fedilink
              arrow-up
              2
              ·
              1 year ago

              That’s fair. I signed up for the premium sub so I could have emergency contacts in the event I either forget my master password or something happens to me. So until you said something I was completely unaware that it was a service they offered!

        • Father_Redbeard@lemmy.mlOP
          link
          fedilink
          arrow-up
          2
          ·
          1 year ago

          I have one with Rack nerd at the moment that I can mess with. Not impressed with their customer service but it was a $12/yr VPS so I’m not complaining too much.

            • Father_Redbeard@lemmy.mlOP
              link
              fedilink
              arrow-up
              2
              ·
              1 year ago

              They still have their New Year’s deal going here and I bought the middle tier for $12.98/yr

              * 1 vCPU Core
              * 25 GB Pure SSD Storage
              * 1 GB RAM
              * 4000 GB Monthly Transfer
              * 1Gbps Network Port
              * Full Root Admin Access
              * 1 Dedicated IPv4 Address
              

              Its been working very well but I’m currently only running Miniflux and Wallabag on it. I tried Nextcloud but found it too much for my needs and was unhappy with the performance. I’m going to try Cryptpad as well as Tipi on it soon. Bear in mind this is my first VPS ever. So I’m far from an expert but this has been a great/inexpensive entry point. And to be fair to their customer service, they replied very quickly. But there was a fairly significant language barrier I think over email. But I was able to get it worked out after a half dozen emails.

              • Briongloid@aussie.zone
                link
                fedilink
                arrow-up
                1
                ·
                1 year ago

                I’m considering 1.5GB for $16.88 per year, comes with a little less monthly transfer but I don’t think I will need the difference.

        • YurkshireLad@lemmy.ca
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          Hetzner might be cheaper, but it might be more susceptible to performance issues. I used to use Netcup, which is also cheap, but isn’t VPS would get very slow from time to time, even though my usage was minimal.

  • Appoxo@lemmy.dbzer0.com
    link
    fedilink
    arrow-up
    5
    ·
    1 year ago

    Risk vs Ease of use. You need to decide if one is worth the other.
    I have all my stuff exposed but is hidden behind 2FA.

    • adr1an@programming.dev
      link
      fedilink
      arrow-up
      3
      ·
      1 year ago

      Also, consider resources - costs ratio. Self host (+routing through vps) allows you tu have lots of power with low costs.

    • Father_Redbeard@lemmy.mlOP
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      Very true. I didn’t know if there was some sort of “secure share” that could be leveraged without exposing the main app. Say Seafile, for example. Where a secure link is created and can be sent. I envisioned hosting something like that on my VPS and Seafile (or other) on the home server without exposing it. But reading more about CryptPad, that may be the ticket. Seems plenty secure to host on the web so I may go that way if no other options exist.

  • NightAuthor@beehaw.org
    link
    fedilink
    English
    arrow-up
    5
    ·
    1 year ago

    I thought a reverse proxy was meant to kinda help mitigate some of the threats of having exposed services….

    Idk, I’ve got a domain and a reverse proxy with minimal services exposed to the internet. And those services require a login.

    • Father_Redbeard@lemmy.mlOP
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      On another thread someone brought up the point that if running multiple services on a server that touches the Internet and one is compromised, the server could be as well. I only started selfhosting early this year, so I am by no means an expert though.