this post was submitted on 25 Aug 2023
12 points (87.5% liked)

Selfhosted

40180 readers
1491 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
12
Setting up Baikal (lemm.ee)
submitted 1 year ago by Corr@lemm.ee to c/selfhosted@lemmy.world
12 comments fedilink hide all child comments
 

I've managed to set up a baikal server to sync my calendars and tasks instead of using a free cloud service provided by nextcloud. I'm able to reach it from beyond my local network, but this is all very new to me and I'm a little worried about what permanently leaving a port open for this.

I'm hoping to find some resources for securing this, before leaving it up all the time. I suppose as an alternative I can always only run it at home and only sync when I'm home but this seems less ideal.

Thanks a bunch for the help in advance. I really appreciate it.

top 12 comments
sorted by: hot top controversial new old
[–] BitSound@lemmy.world 4 points 1 year ago (1 children)

Wireguard might work well here. You'll have to set it up on each device you want to have access your server, but I'm guessing that syncing only involves a handful of devices, which wouldn't be bad.

[–] Corr@lemm.ee 1 points 1 year ago (1 children)

So if I understand this correctly, I configure wireguard on the server end and port forward to the IP for the wireguard interface? and then configure devices to send packets through their wireguard interface for specific applications to get synced up? Thanks for your reply :)

[–] BitSound@lemmy.world 2 points 1 year ago (1 children)

Yeah, when you configure it, you essentially say "all traffic to 1.2.3.0/24 should go through this wireguard connection". Then, your OS automagically knows "oh, this connection to 1.2.3.4 should go through Wireguard, and I'll handle it like so". You don't have to configure any applications specifically, their network connections just get routed appropriately by your OS.

[–] Corr@lemm.ee 1 points 1 year ago (1 children)

So I'm just taking a look at wireguard on android. I just need to point a specific address to wireguard and it takes care of it then? This seems relatively straightforward to configure.

Last question (hopefully). I'm running this server off a pi with bullseye. The guide on their site for setting up a server uses buster but the client uses bullseye. The buster version needs to setup unstable release packages but the bullseye client doesn't. This should mean that I'm good to just grab the default Debian package on bullseye?

Thank you very much for your help with this!

[–] Patrick@discuss.tchncs.de 2 points 1 year ago

If you want an (even) simpler wireguard setup, you could also look into https://pivpn.io/ for the server side.

[–] drudoo@lemmy.world 2 points 1 year ago

Use a reverse proxy in front and be sure to have auth setup in Baikal.

I’ve been using it with traefik for 5ish years now without issues.

[–] Jerry1098@sh.itjust.works 1 points 1 year ago (1 children)

Just in case you never heard of it, there is also the option to use Tailscale. It lets you connect to your services without opening any ports and uses Wireguard under the hood but makes configuration simpler

[–] Corr@lemm.ee 1 points 1 year ago

I have wireguard set up now and its working completely fine now. Thanks for the recommendation!

[–] wildbus8979@sh.itjust.works 1 points 1 year ago (1 children)

There are a number of options...

Setup a reverse proxy with nginx, using SSL, with http auth or better yet client certificates.

Setup a VPN to access your home network.

Use SSH forwarding to access the local service.

[–] Corr@lemm.ee 1 points 1 year ago (1 children)

Are these all roughly equivalent in security? Or is it a case of some of these being a bit less complex to set up but you sacrifice security? I'll look into these options though. Thank you

[–] wildbus8979@sh.itjust.works 2 points 1 year ago

If setup correctly they are mostly equivalent.

[–] Decronym@lemmy.decronym.xyz 1 points 1 year ago* (last edited 1 year ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters More Letters
HTTP Hypertext Transfer Protocol, the Web
IP Internet Protocol
SSH Secure Shell for remote terminal access
SSL Secure Sockets Layer, for transparent encryption
VPN Virtual Private Network
nginx Popular HTTP server

5 acronyms in this thread; the most compressed thread commented on today has 11 acronyms.

[Thread #80 for this sub, first seen 25th Aug 2023, 11:15] [FAQ] [Full list] [Contact] [Source code]