Greetings! I currently host a number of services on an old pc in my basement. I have ports 80 and 443 forwarded and am running Nginx Proxy Manager as well as Authelia to protect most of them. I have set up a lemmy instance that I am using as my main point of access to the fediverse. I guess I have two questions. I am assuming that hiding lemmy behind Authelia would break Federation (although maybe only one way?), is that correct? And secondly, would it be objectively safer for me to pay for a VPS, run Nginx Proxy Manager there and then forward all of the traffic to the services hosted in my basement server using Tailscale? Thanks!

  • cstine@lemmy.uncomfortable.business
    link
    fedilink
    English
    arrow-up
    1
    ·
    2 years ago

    NPM also looks abandoned right now. There’s some security patches that are not being addressed, and certificate renewal is hit or miss due to the age of NPM’s certbot vs the mainline.

    If you’re deploying something new, you might want to consider caddy or nginx by itself or some other reverse proxy at this point since it really looks like the dev has vanished and nobody is taking over maintenance yet.

    • El Gringo Loco@lemmy.donmcgin.comOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      2 years ago

      Are you sure it’s abandoned? The docker page was last updated three days ago and there is activity on the github page. Are they just updating the software without pushing any security fixes? I’ve definitely not had issues renewing certificates

      • cstine@lemmy.uncomfortable.business
        link
        fedilink
        English
        arrow-up
        3
        ·
        2 years ago

        There are nearly 1000 open issues and a couple of them are about potential vulnerabilities where the repeated refrain is ‘we tried to contact the developer, but there’s no response’ which makes me… uncomfortable, especially given that NPM was the gatekeeper to a lot of services on my local network.

        The cert error is related to outdated python code in the latest shipping version, https://github.com/NginxProxyManager/nginx-proxy-manager/issues/2912 and 2921.

        Again, you CAN work around it but the whole radio silence on issues and ongoing issues just makes me uncomfortable with the project and exceedingly reluctant to continue using it because it’s unclear what’s going on, and why.

        • El Gringo Loco@lemmy.donmcgin.comOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          2 years ago

          Thank you for explaining and for the examples, it’s definitely time to start learning caddy. I liked npm for the simple gui, but security and reliability are more important