家用NAS/Server/Homelab集中討論區(4)

992 回覆
19 Like 1 Dislike
2024-01-19 16:56:31
其實要remote manage既話可以睇下pikvmunder 1000蚊可以搞到 之後可以買塊平d既板
不過你要4條ram既itx 咁冇得點揀等睇你砌機
2024-01-19 17:01:49
但係佢又唔想外網access 到
再唔係用cloudflare tunnal 就唔洗開port
講多句要安全就唔好selfhost
2024-01-19 17:03:30
2024-01-19 17:05:56
佢behind vpn係ok既 我覺得

我見vaultwarden都有教你申請張免費letsencrypt cert 再加duckdns/synology ddns指個domain去internal IP(即佢reverse proxy個internal IP)就得
https://github.com/dani-garcia/vaultwarden/wiki/Running-a-private-vaultwarden-instance-with-Let%27s-Encrypt-certs

我理解係佢冇必要放443port出街 放vpn已夠
2024-01-19 17:06:35
2024-01-19 17:10:50
2024-01-19 17:20:31
唔洗,免費嘅可以tunnel http嘢出街,會幫你加埋cert,當然你預咗佢可以access到你嘅data,信得過佢就用
2024-01-19 17:24:34
2024-01-19 17:29:09
btw真係長知識
原來lets encrypt仲可以派cert比private ip上面唔問我都唔會知
2024-01-19 17:31:59
我記得以前呢度好似都有人講過唔放出街用vaultwarden
2024-01-19 17:37:50
Router 唔開443 用唔到ddhs 個網域用唔到張ssl cert
Vaultwarden 一定要用https
2024-01-19 17:43:34
仲以為self host 會安全d
咁都係考慮用返bitwarden 1password 果d算
2024-01-19 17:53:30
其實兩睇,自己host一定安全冇人地做得咁好,但俾人睇中要搞你嘅機會唔大

放出面一般安全性就冇問題亦都好少出事,但一出事嘅話一定全世界都睇哂

唔計速度嘅話,理由同用nas定用cloud一樣
2024-01-19 18:04:23
你係dns到將個domain指向internal reverse proxy ip得唔得?我理解係你唔洗開443 個flow大概係咁:
你駁住vpn -> 開bitwarden,vault ip指向你個domain -> 個domain指向你internal reverse proxy ip -> reverse proxy派張ssl cert比你手機app ->通到
2024-01-19 18:51:47
因為你個domain dns A record指向既係internal ip
咁就冇必要開443 淨係開vpn port就得

又或者自己host個dns server 個dns server有條record係你個domain指向internal reverse proxy 再係個vpn到set dns server做你呢個新開既我未做過 但應該都work
2024-01-19 19:05:49
我自己咁set...
traefik https proxy vaultwarden .
traefix 裝 cert self gen (or let's encrypt)
放街就 wireguard ...VPN 返去再access lan ip or domain name
2024-01-19 19:08:15
wireguard 長開,淨係tunnel Adguard home 同個 reverse proxy ip.
2024-01-19 21:39:26
吹水台自選台熱 門最 新手機台時事台政事台World體育台娛樂台動漫台Apps台遊戲台影視台講故台健康台感情台家庭台潮流台美容台上班台財經台房屋台飲食台旅遊台學術台校園台汽車台音樂台創意台硬件台電器台攝影台玩具台寵物台軟件台活動台電訊台直播台站務台黑 洞