this post was submitted on 16 Jan 2024
You don't need to own a domain, what you most likely need is some kind of dynamic DNS service.
https://freedns.afraid.org/ is one of them, they'll give you a subdomain you can pick and the client will update the IP to which the domain points whenever it changes.
This is what you need, assuming you've a public IP from your ISP and you can go into your router and port forward ports to your TrueNAS server.
Now regarding software, since you're using Syncthing already, I would suggest you stay away from the complexities and vulnerabilities of Nextcloud and simply use FileBrowser; this is way easier to set up and use. I believe there's even something on TrueNAS to get it running.
However, if you're about to expose your NAS/setup to the internet, you have to consider a few things for your own safety.
Quick checklist for outward-facing servers:
Realistically speaking, if you're doing this just for you / a few friends, why not require them to access the server through WireGuard VPN? This will reduce the risk a LOT and probably won't impact the performance. This is a decent setup guide https://www.digitalocean.com/community/tutorials/how-to-set-up-wireguard-on-debian-11 and you might use this GUI to add/remove clients easily https://github.com/ngoduykhanh/wireguard-ui
With WireGuard you'll only need to port forward the WG port, reducing the attack surface. After you connect to the VPN you get access to the server as if you were on the local network. This means you'll even get SMB/Samba access to the files and/or access to any other service the server might be providing; you don't need anything else or to change your current workflow, simply connect to the VPN and access your data as if you were home.
Another advantage of going with WireGuard is that you can more safely ignore steps (4) and (5) because only exposing the VPN through a port forward in your router won't create much of an attack surface / anything that can be bruteforced. Your setup will be easier to deploy and maintain.
Note that WireGuard is designed with security in mind and it won't even be visible in typical IP scans / will ignore any piece of traffic that isn't properly encrypted with your keys.
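An added example, not part of the comment above: a small Python audit for the WireGuard-only setup it recommends, checking that the router forwards nothing but the WG UDP port and that each server-side peer entry is limited to a single tunnel address. The config, placeholder keys, addresses, port 51820 and the forward list are constructed, IPv4 only; restricting peers to host routes is a common hardening practice assumed here, not something the comment states.

```python
import ipaddress

# Constructed sample wg-quick server config (keys are placeholders).
SAMPLE_CONF = """\
[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey = <server-private-key>
[Peer]  # laptop
PublicKey = <laptop-public-key>
AllowedIPs = 10.8.0.2/32
[Peer]  # phone: too broad for a server-side peer entry
PublicKey = <phone-public-key>
AllowedIPs = 0.0.0.0/0
"""
# Constructed router port forwards: (protocol, external port, label).
SAMPLE_FORWARDS = [("udp", 51820, "wireguard"), ("tcp", 445, "smb")]

def parse_wg_conf(text):
    """Parse wg-quick syntax; configparser rejects or merges repeated [Peer]."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)  # base64 keys may end in '='
            sections[-1][1][key.strip().lower()] = value.strip()
    return sections

def audit(conf_text, forwards):
    """Return findings: over-broad peer AllowedIPs and non-WireGuard forwards."""
    sections = parse_wg_conf(conf_text)
    iface = next(body for name, body in sections if name == "interface")
    port = int(iface["listenport"])
    tunnel = ipaddress.ip_interface(iface["address"]).network
    findings = []
    for name, body in sections:
        if name != "peer":
            continue
        for cidr in body["allowedips"].split(","):
            net = ipaddress.ip_network(cidr.strip(), strict=False)
            # Server side: each peer should own one tunnel address only.
            if net.prefixlen != net.max_prefixlen or not net.subnet_of(tunnel):
                findings.append(f"peer AllowedIPs too broad: {net}")
    for proto, ext_port, label in forwards:
        if (proto, ext_port) != ("udp", port):
            findings.append(f"extra port forward: {proto}/{ext_port} ({label})")
    return findings
```

Calling `audit(SAMPLE_CONF, SAMPLE_FORWARDS)` flags the `0.0.0.0/0` peer and the forwarded SMB port; an empty list means only the VPN is reachable from outside and each peer is pinned to its own address.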