What are you all doing to expose services run in your home lab publicly? Any security features you're using (e.g., Cloudflare)?
I've taken to not exposing anything over the last year or so. Just use Tailscale exclusively now, and that's worked flawlessly.
Do you have Tailscale on any device that you'd use to access it then? I'm thinking of trying to self-host a Google Photos alternative; I think I'd need Tailscale on each phone.
Yes, so any device I use outside my local network I have Tailscale installed on. And also installed on my two homelab servers.
So I can use services running on those outside the local network by using the tailnet IPs or use the server as an exit node and use local IPs.
I haven't done it, but you can also set up ACLs to control which devices can connect to each other.
Yes, I'm hoping to get round to trying Immich for photos at some point.
I think Tailscale would work for some of my selfish use cases, but if I were hosting for others then requiring Tailscale is a high barrier to entry to ask.
What about like fronting for something like DDoS protection and such?
Yes of course, there is only my wife and I using the services I've got running. I've not looked into anything else as I've not had any need so far.
@Matthew Sanabria Enjoyed your blog post on System Initiative. It's prompted me to have another look at it. Hoping to create some functions to manage Proxmox in my homelab.
@Alex Barnes thank you for reading that. I really enjoy System Initiative. It's still in its early days but it's a refreshing look on the whole infrastructure as code space. My Turing Pi 2.5 should be shipping this month so I'm going to continue to use System Initiative for my home lab once it's in.
I use Cloudflare for things I want to access easily (or family, wife, etc.) pushed to Nginx Proxy Manager, then Authentik SSO, SAML, or Header Auth for about 1/3 of my hosts, which could probably use improvement. I also run fail2ban, which I need to dig into more, and a bunch of custom rules on my site via Cloudflare blocking by country, IP range, and ASN.
Everything else I Tailscale into. It's great!
Not using it yet, but Tailscale Funnel could be used to expose Tailscale resources to the public internet. That sounds handy if you have clients which do not run a Tailscale client, but it also exposes more attack surface, basically like running stuff on a public VPS.
Wasn't aware of Tailscale Funnel, sounds like ngrok for your tailnet.
Tailscale Funnel docs for anyone interested, will be taking a look at this.
In essence, you could also rent a VPS for the public IP, install nginx and Tailscale, and route incoming public requests to your tailnet IP by adjusting the nginx conf. There are many options. I just thought Tailscale is used by many already and usually does not end up costing money for homelab usage. :sweat_smile:
Thanks for sharing Tailscale Funnel. Didn't know about that.
Kudos to @Gerhard, he mentioned it to me :smiley:
Last updated: Dec 12 2024 at 16:47 UTC