| ▲ | horsawlarway 5 days ago | |
If this is the goal (and I think it's a perfectly commendable goal), you being afraid of the public web makes it basically impossible. Honestly - just make the service public. Let your wife share links to her photo albums with her friends - have them point to your domain. Make your friends make accounts on your services if they need to - or better yet, provision accounts automatically for them (I do this). I understand the fear here, and I get it, but I also think it's widely misplaced. Pay a small sum for backups, rotate them, and let it rip. The suburban web is actually pretty good these days (at least in real suburbs, I have 2gbs/down 1gbs/up in mine) and it basically only gets better. --- My experience comes from hosting several sites for my family (including extended family in several different cities and countries) and also several sites for my neighborhood. The vast majority of them are public (as in - there is a public domain that resolves to my services with no need for preshared secret [aka: tailscale or other wireguard based vpn]). Yes, you get clearly bogus traffic scanning for the lowest of low hanging fruit (ex - php_myadmin/wp-admin/etc) but auth solutions have come a long way, and I don't even bother blacklisting/fail2banning anymore. It's a waste of time and effort for small peanuts. It's pretty easy to configure SSO pointed at something like Keycloak/Authelia and then have your friends get a centrally managed account with 2fa required. Ex - Jellyfin, Bookstack, Gitea, Immich etc... I host all of these (and lots more) and SSO support is pretty good these days. Personally, if all your public infrastructure is behind a keycloak login form... I don't think you're going to have many problems. --- Side note - this is one perfectly acceptable strategy to reach the point you want (community based self-hosted solutions). I host services for my neighbors & family. Not every household needs to be an expert, and no need to get the gov involved (not that I mind the idea of a new digital services library, either). But fear of the public web means you can't ever reach that spot. | ||
| ▲ | drew_lytle 4 days ago | parent [-] | |
Thank you for your comment this is really enlightening! I'd love to learn more about services you're hosting for friends and neighbors and how that works technically and socially. If you're interested in connecting – please email me hn@drewlyton.com | ||