Hey all! For the longest time I’ve had a server that hosts some things (eg Syncthing), but is only available via SSH tunneling.
I’ve been thinking of self-hosting more things like Nextcloud and Vaultwarden. I can keep my SSH tunneling setup but it might make it difficult to do SSL.
How do you manage the security of having public-facing servers?
Why not use a proper VPN instead of SSH tunnels?
Mostly a convenience thing, since I only need it on-demand and I usually use SSH for things anyway. As this post suggests I’m obviously rethinking that now :)
A VPN you could use on your phone, computer, laptop, tablet, TV, Samsung SmartFridge, etc. I’ll admit it’s a bit more involved than
ssh -L ...but it’s well worth it. Especially if you’re the only one using it. After setting up Wireguard I’ve elimated all my router port forwards except SSH and WGThanks for the tip! Tailscale was so easy to get into and is worth it like you said.