@loki I'm planning on working on that next. Divorcing from Google after using it for I think close to 15 years is pretty rough.
Are you using it local only or are you hosting on a VPS?
idk about loki but it's personal preference.
I only host at my own. Not only is it cheaper in the long run I also have all my data on local disks.
@upshotknothole for internal network stuff it makes a lot of sense. It is pretty expensive here to get a static IP at home. I'd rather not use a client where I'm relying on a company to associate my dynamic IP with an account. My network attached storage has the option, for example. But then I'd be exposing a computer to the public with the ability to punch through my firewall. Makes me nervous.
Spinning up a 5 dollar/mo VPS is appealing. But I'd need to be better about admin duties.
@fullywoolly No need for static IP. That's what DNS is for.
There are various free (and sometimes #libre and #encrypted) DNS but idk how they differ from, say, 8.8.8.8.
Network Security is a problem which I haven't solved yet in my personal network (Oops).
I'm planning a DMZ which is basically sandwitching the public stuff between two firewalls. One firewall for the whole network and a second one for your private stuff (https://en.wikipedia.org/wiki/DMZ_(computing)).
I'm not a network engineer. You do you.
@fullywoolly
> Or I'd have to have a way of accessing my dynamic IP
you can have a domain for that. There are various free "domains". For example freedns.afraid.org/ or noip.com/.
These services usually allow no subdomains which let me to buy my own domain for like 10€/yr
@fullywoolly about DMZ: personally I would prefer a piece of dedicated hardware for firewall.
But I'm no network expert
@upshotknothole I have a domain I can use already, but the problem is still the IP. Updating the record for a dynamic IP won't work.
Iptables is a tried and tested firewall package. I'd venture to say that almost every Linux server is using it to prevent abuse and protect against threats. Even third party router firmware like OpenWRT is using it.
Most VPS sites will have instructions for using iptables to secure your new machine like https://www.digitalocean.com/community/tutorials/iptables-essentials-common-firewall-rules-and-commands
You should try it out on your LAN.
@fullywoolly iptables is fine.
For updating your dns record (domain<==>ip) you can use ddclient
@upshotknothole I'll check it out! Thanks. I got my NAS set-up last night, so I might use that. Or more likely have it do a remote backup from a VPS. We'll see.
@fullywoolly there are, of course, other clients than ddclient.
Dynamic DNS can also be done by shell script if that's what people prefer (i don't ; most handshakes aren't trivial)
@upshotknothole I'd need static IP if I wanted to access my server from my phone or a work computer. Or I'd have to have a way of accessing my dynamic IP and know what it is as it updates in real-time.
The DMZ is a good idea. At that point, you could use iptables to protect the machine.