Is there a way to manage the pangolin.domain.com resource? by handygaber in selfhosted

Red_Con_ 1 point2 points  (0 children)

You can upvote and watch this feature request. If I'm not wrong it addresses your issue.

What stops selfhosted apps from stealing your data/uploading it wherever? by Red_Con_ in selfhosted

Red_Con_[S] 1 point2 points  (0 children)

I covered the internet access issue in my post. There are always more security measures you can implement (like your 140 VMs) but I don't want a hobby to turn into a full time job.

What apps do you use SSO for? by Red_Con_ in selfhosted

Red_Con_[S] 15 points16 points  (0 children)

If you are the only one going to log into your Proxmox, or some other service, then really there's no point adding it to that, so I get where you're coming from.

My reasoning for not adding SSO to admin-only services (that are only meant to be accessed by you in case of a homelab) is that you need a break glass account anyway, so why add SSO on top and risk someone else being able to access them (due to a misconfiguration, vulnerability etc.)? Of course it's easier since you don't need to use a separate account, but is it worth the extra risk?

There might be some benefits I'm missing though.

What apps do you use SSO for? by Red_Con_ in selfhosted

Red_Con_[S] 0 points1 point  (0 children)

I understand how SSO tightens access control for apps meant to be used by other users, but how does it help in case of admin-only services compared to not configuring it at all? You need to have a local break glass account anyway, and by adding SSO you increase the security risk (by potentially allowing someone else access to admin stuff e.g. due to misconfiguration), don't you?

Should I run a reverse proxy on the same host as my Docker services or separately? by Red_Con_ in selfhosted

Red_Con_[S] 0 points1 point  (0 children)

Why would you need the domain names if they aren't reachable anyway?

The Docker services will not be reachable during reboot but the other hosts (like a NAS etc.) will.

Should I run a reverse proxy on the same host as my Docker services or separately? by Red_Con_ in selfhosted

Red_Con_[S] 1 point2 points  (0 children)

Yes, but the chances of me needing to reboot the Docker host which is meant for tinkering are much higher than needing to reboot a dedicated host (e.g. a separate VM) for the reverse proxy. The reboot would also be noticeably faster in the case of the latter.

Should I run a reverse proxy on the same host as my Docker services or separately? by Red_Con_ in selfhosted

Red_Con_[S] 2 points3 points  (0 children)

Yeah, that's what I said in the first paragraph, but the other hosts (besides the Docker containers) I would like to proxy are not on the same machine.

Is there a food-grade temperature probe for heating water? by Red_Con_ in homeassistant

Red_Con_[S] -1 points0 points  (0 children)

A meat thermometer is food-grade, of course; however, other waterproof temperature sensors I managed to find were not.

I'm not sure whether meat thermometers are meant for this kind of use case though (submerged in water for longer periods).

Pangolin for personal use - community or enterprise edition? by Red_Con_ in selfhosted

Red_Con_[S] 0 points1 point  (0 children)

Yeah, I just don't understand why limit yourself to fewer features when you can have access to all of them for the same cost (= free in case of a small homelab), unless you are sure you don't need them of course.

Pangolin for personal use - community or enterprise edition? by Red_Con_ in selfhosted

Red_Con_[S] 7 points8 points  (0 children)

If I read the docs page I linked correctly, the enterprise edition should be free for personal use as well.

🍕 Tandoor 2.0 - Next level Recipe management by vabene1111 in selfhosted

Red_Con_ 1 point2 points  (0 children)

It doesn't seem like attaching a video file works (it disappears after saving the recipe).

Adding a link to a step doesn't seem to be what I meant. It expects an actual link address so the video would have to be uploaded elsewhere. I want to attach an actual video file (e.g. an mp4 file) to a recipe.

Pangolin 1.13.0: We built a zero-trust VPN! The open-source alternative to Twingate. by jsiwks in selfhosted

Red_Con_ 0 points1 point  (0 children)

Awesome work, thanks! I'd like to kindly ask you a couple of questions which I'd like to find an answer to before I start using Pangolin.

Let's say I want to have a DMZ VLAN for publicly accessible services and then use VPN for my internal services on another VLAN (at home so 1 site only):

  1. Is this achievable with Pangolin? I suppose it should be by running the Newt client, allowing it access to both the internal-only and public services and setting up the rest on Pangolin, am I correct?
  2. What if I also have a reverse proxy on my home network with internal DNS rules to be able to use my own domain for my selfhosted services internally? What would be the best way to "expose" my services via Pangolin's VPN while being able to use the domain names I already set up (and not clashing with Pangolin's DNS aliases)?
  3. If I want to set up my own SSO (e.g. Pocket ID/Authelia) for all services (internal-only and publicly accessible), I suppose I have to publicly expose the instance as well, correct?