I’ve managed to set up a baikal server to sync my calendars and tasks instead of using a free cloud service provided by nextcloud. I’m able to reach it from beyond my local network, but this is all very new to me and I’m a little worried about what permanently leaving a port open for this.
I’m hoping to find some resources for securing this, before leaving it up all the time. I suppose as an alternative I can always only run it at home and only sync when I’m home but this seems less ideal.
Thanks a bunch for the help in advance. I really appreciate it.
I unfortunately can’t really offer much advice here. I configured Wireguard on my phone by essentially copy/pasting the configuration from my laptop and changing the values as necessary like the public key and client IP address. Turned it on, it activated VPN mode in Android and everything started working.
I guess make sure you haven’t mixed up your public/private keys, your server knows about the new device (and is restarted), and your phone is using the right IP address as basic troubleshooting steps.
I added a final edit where it turns out I just mistyped the public key and the rest of the config was completely fine. Oops lol. Thanks for your input on this I really appreciate it. Now final question. Since my server now works on a whitelist basis, it should be reasonably safe to leave the port open indefinitely going forward? If not, is there more I should consider doing to increase security?
Thanks again :)
Security is a gradient that depends on your threat model, etc, but unless you’re being targeted by a nation-state or something that should be plenty secure
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !selfhosted@lemmy.world
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
I unfortunately can’t really offer much advice here. I configured Wireguard on my phone by essentially copy/pasting the configuration from my laptop and changing the values as necessary like the public key and client IP address. Turned it on, it activated VPN mode in Android and everything started working.
I guess make sure you haven’t mixed up your public/private keys, your server knows about the new device (and is restarted), and your phone is using the right IP address as basic troubleshooting steps.
I added a final edit where it turns out I just mistyped the public key and the rest of the config was completely fine. Oops lol. Thanks for your input on this I really appreciate it. Now final question. Since my server now works on a whitelist basis, it should be reasonably safe to leave the port open indefinitely going forward? If not, is there more I should consider doing to increase security?
Thanks again :)
Security is a gradient that depends on your threat model, etc, but unless you’re being targeted by a nation-state or something that should be plenty secure