87
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 12 Jul 2023
87 points (100.0% liked)
Selfhosted
60320 readers
541 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil.
-
No spam.
-
Posts are to be related to self-hosting.
-
Don't duplicate the full text of your blog or readme if you're providing a link.
-
Submission headline should match the article title.
-
No trolling.
-
Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
founded 3 years ago
MODERATORS
It all just depends on how much you trust the app, and how you've set up things when it does go wrong. Not every container needs to be able to access other containers on the system, lan, have access to whatever folder, read/write permissions, etc
A good practice for things like vaultwarden would be to only whitelist the country/state you're in to minimize your attack profile
fail2ban or crowdsec can also help with all the rats sniffing around
Limited container access is a good point. Noted.
I think the APP itself is fine, but would an API access give attackers a mean to brute force into it? Sorry no expert here.
The official wiki talks about securing password login with fail2ban. I guess this is not needed in my case, as it’s handled at the Authelia level.