I hop into the selfhosted subreddit every once in awhile and as you would imagine it’s mostly hobbyists that have no clue what they’re doing, but they’re also not very receptive to advice from people who do. They have their own set of commandments at this point it’s pretty wild.
The most common thing you see is the idea that the holy grail of security being “not forwarding ports in your router”. Put your publicly accessible web service running on your unsegmented home LAN behind a cloudflare tunnel and you’re “secure”, problem solved, job done. If you point out the fact that this doesn’t solve any of the problems that go along with “port forwarding” or that CF tunnels MITMs all their data, you’ll get downvoted as a “CloudFlare hater”.
Similarly they tend to believe that there’s no reason to separate your publicly accessible server from the rest of the devices on your home LAN, especially because the home LAN is “safe”.
I hop into the selfhosted subreddit every once in awhile and as you would imagine it’s mostly hobbyists that have no clue what they’re doing, but they’re also not very receptive to advice from people who do. They have their own set of commandments at this point it’s pretty wild.
just wondering, but what are they commonly doing wrong?
The most common thing you see is the idea that the holy grail of security being “not forwarding ports in your router”. Put your publicly accessible web service running on your unsegmented home LAN behind a cloudflare tunnel and you’re “secure”, problem solved, job done. If you point out the fact that this doesn’t solve any of the problems that go along with “port forwarding” or that CF tunnels MITMs all their data, you’ll get downvoted as a “CloudFlare hater”.
Similarly they tend to believe that there’s no reason to separate your publicly accessible server from the rest of the devices on your home LAN, especially because the home LAN is “safe”.