Foster Hangdaan
Just a random person who likes building software and configuring Linux.
- 0 Posts
- 4 Comments
First of all, doesn’t Navidrome have authentication? So, I don’t see why exposing it to the public is a problem.
Second, some reverse proxies support basic auth. This way, you can password-protect some services and is useful if the service does not have its own authentication. Here as an example snippet for Caddy:
example.com {
basic_auth {
# Username "Bob", password "hiccup"
Bob $2a$14$Zkx19XLiW6VYouLHR5NmfOFU0z2GTNmpkT/5qqR7hx4IjWJPDhjvG
}
reverse_proxy myservice:8000
}
You’ll have to look up the docs for other reverse proxies.
If you need S3-compliant storage for testing and development, you can use an S3 mock server. I’ve tried the following for use in web development and CI environments, they are lightweight and configurable:
There is also Localstack. I found this one to be a bit more complex than the ones above and ended up not sticking with it.
That advice is a bit old-fashioned in my opinion. There are many tools nowadays that will get you a very secure setup without much effort:
And of course, besides all these tools, the simplest way of securing public services is to keep them updated.
Rogers has been my ISP for several years and have no issue receiving HTTP/S traffic. The only issue, like with most providers, is that they block port 25 (SMTP). It’s the only thing keeping me from self-hosting my own email server and have to rely on a VPS.