I’m not great with Docker or networking, so when I picked up an N100 mini PC for self-hosting I installed Ubuntu and Tipi to get started.

I used Tipi to install Immich and forwarded my ports, then set up Cloudflare tunneling to expose it to the internet. Currently I’m migrating from Google Photos.

But since I’m new to this I’m worried about exposing Immich to the internet without really knowing what I’m doing. Any suggestions on ways to monitor my setup to make sure nothing goes wrong or gets hacked? Ideally any application suggestions would come from the Tipi app store but I’m willing to learn if there’s no other option. Thanks!

Sunny' 🌻

Have a look at Tailscale for your devices, this will prevent you from having to expose anything to the Internet, but rather having it behind your own VPN solution. Tailscale is the kinda service that is stupid easy to get going with too. HIGHLY recommend it!

@sacbuntchris@lemmy.world
creator

Thanks! I set it up last night after getting advice here!

@bbuez@lemmy.world

Hey, don’t mean to hijack. I know Tailscale isn’t necessarily a tunnel (correct me if I’m wrong), but does it have the typical issues with apps like Android Auto not working while connected to a VPN?

Sunny' 🌻

Never tried it with Android Auto before, but I doubt it would; it’s a mesh VPN, not a typical VPN (proxy). So Tailscale is mostly for connecting your own devices together; however, it’s possible to configure it to use Mullvad for exit nodes, if needed.

@sacbuntchris@lemmy.world
creator

Thanks to everyone who took the time to answer. How do I check if my server has been accessed?

/bin/bash/

Through SSH, when you connect to your machine, run:

lastb -10

This will show you the last 10 failed login attempts; you can change it to 20 or whatever.

You can also run: last -10 to see the last successful logins.

Use:

history | more

to see all the commands that someone has typed.

In the dir /var/logs you have a lot of other logs too.

For a more paranoid level, use

netstat -a

This will show you all incoming and outgoing communications.

And like the others said, consider using a firewall and fail2ban.

Note: don’t rely too much on firewalls since they are easy to bypass.

Keep all software updated.

Read frequently about new vulnerabilities; if there is some vulnerability that affects your software, turn off that service until it gets patched.
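An added example, not part of the comment above: a small shell check that goes one step past lastb and last by counting failed SSH password attempts per source address and flagging any address that failed and later logged in. It assumes the sshd line format Ubuntu writes to /var/log/auth.log; the function names and the sample lines are constructed for illustration.

```shell
# Constructed sample of sshd lines in the format Ubuntu writes to
# /var/log/auth.log (documentation-range addresses, made-up user names).
sample_auth_log() {
cat <<'EOF'
Mar  3 02:11:07 n100 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 50112 ssh2
Mar  3 02:11:09 n100 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 50112 ssh2
Mar  3 02:11:15 n100 sshd[2107]: Failed password for root from 203.0.113.7 port 50140 ssh2
Mar  3 02:14:41 n100 sshd[2120]: Failed password for chris from 198.51.100.23 port 41822 ssh2
Mar  3 08:30:02 n100 sshd[2544]: Accepted publickey for chris from 192.0.2.10 port 60022 ssh2
Mar  3 09:02:55 n100 sshd[2610]: Accepted password for chris from 198.51.100.23 port 41901 ssh2
EOF
}

# Print "count ip" for each address with failed password attempts,
# highest count first. Reads log lines on stdin.
failed_by_ip() {
    awk '/sshd\[[0-9]+\]: Failed password for / {
             ip = ""
             # the last "from" wins, so a user literally named from is harmless
             for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
             if (ip != "") n[ip]++
         }
         END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# Print addresses that failed at least once and later logged in
# successfully: the entries worth a closer look.
failed_then_accepted() {
    awk '/sshd\[[0-9]+\]: (Failed password|Accepted) / {
             ip = ""
             for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
             if (ip == "") next
             if ($0 ~ /: Failed password /) bad[ip] = 1
             else if (ip in bad) hit[ip] = 1
         }
         END { for (ip in hit) print ip }' | sort
}

# Demo on the constructed sample. On a real Ubuntu host, feed the log instead:
#   sudo cat /var/log/auth.log | failed_by_ip
sample_auth_log | failed_by_ip
sample_auth_log | failed_then_accepted
```

An address printed by the second function is not proof of compromise (it can be your own mistyped password), but it is the first thing to compare against the output of last.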

@sacbuntchris@lemmy.world
creator

Thank you!

You just don’t and pray for the best /j

  1. create empty debit account
  2. place credentials to account in server’s home directory
  3. if you get a call from your new account’s bank, they’ve got your server

@sacbuntchris@lemmy.world
creator

This is honeypot security and is a best practice

/s
