As many others have already stated: he‘s on the wrong track.
Open source is great and works for developers and tinkerers. The fact that we dont have a law that a company has to pay what this product would cost in the open market is not open sources fault. On top: one reason open source is growing like crazy is the convenience these megacorps have with implementing it everywhere. We need to cast out those taking for themselves and dont give back.
Buku with extension Bukubrow is already good for me to have offline bookmark manager, flexibel function on CLI or browser. With Archivebox combination in my Librewolf reading my archive website.
Hopefully they get to Simple Launcher soon. I switched to that because Nova Launcher seemed to he dead and I couldn’t find a better open source alternative. I certainly will take suggestions if someone knows something better on fdroid.
You don’t need to own a domain, what you most likely need is some kind of dynamic DNS service.
freedns.afraid.org is one of them, they’ll give you a subdomain you can pick and the client will update the IP to which the domain point whenever it changes.
This is what you need, assuming you’ve a public IP from your ISP and you can go into your router and port forward ports to your TrueNAS server.
Now regarding software, since you’re using Syncthing already I would suggest you stay away from the complexities and vulnerabilities of Nextcloud and simply use FileBrowser, this is way easier to setup and use. I believe there’s even something on TrueNAS to get it running.
How if you’re about to expose your NAS/setup to the internet you’ve to consider a few things for your own safety.
Quick check list for outward facing servers:
Only expose required services (web server nginx, game server, program x) to the Internet. Everything else such as SSH, configuration interfaces and whatnot can be moved to another private network and/or a WireGuard VPN you can connect to when you want to manage the server;
Use custom ports with 5 digits for everything - something like 23901 (up to 65535) to make your service(s) harder to find;
Disable IPv6? Might be easier than dealing with a dual stack firewall and/or other complexities;
Use nftables / iptables / another firewall and set it to drop everything but those ports you need for services and management VPN access to work - 10 minute guide;
Use your firewall to restrict what countries are allowed to access your server. If you’re just doing it for a few friends only allow incoming connection from your country (wiki.nftables.org/wiki-nftables/…/GeoIP_matching)
Realistically speaking if you’re doing this just for you / a few friends why not require them to access the server through WireGuard VPN? This will reduce the risk a LOT and won’t probably impact the performance. This is a decent setup guide digitalocean.com/…/how-to-set-up-wireguard-on-deb… and you might use this GUI to add/remove clients easily github.com/ngoduykhanh/wireguard-ui
With WireGuard you’ll only need to port forward the WG port reducing the attack surface. After you connect to the VPN you get access to the server as if you were on the local network. This mean you’ll even get SMB/Samba access to the files and/or access to any other service the server might me providing, you don’t need anything else or change your current workflow, simply connect to the VPN and access your data as if you were home.
Another advantage of going with WireGuard is that you can more safely ignore the step (4) and (5) because only exposing the VPN through a port forward in your router won’t create much of an attack surface / anything that can be bruteforced. Your setup will be easier to deploy and maintain.
Note that WireGuard is designed with security in mind and it won’t even be visible in typical IP scans / will ignore any piece of traffic that isn’t properly encrypted with your keys.
I use SSH with port fowarding to securely access my services running on my server to anywhere I have internet. Its easy to setup, just expose any device running a ssh server like openssh to the internet, probably on a port that isnt 22, and with key only authentication.
Then on whatever device you want to get your services on you can do like
Where 8022 is the port of the ssh server exposed to the internet (default is 22), 8010 is the port its gonna bind to on the device you are using the client (it will bind to 127.0.0.1 by default), 192.168.75.111:80 is the address/hostname and the port of where your services are on your local network, and user@serverspublicip is your username and the ip address of where your ssh server is.
You can also use ssh to make a SOCKS proxy in your network like this
This will make a socks proxy into your network on your device at 127.0.0.1:1080. All of this can also be done on just about any mobile phone running android by using termux.
Oh thank you so much for posting this. When Brodie Robertson covered this on his YT channel, I was so upset at how the fiasco with SimpleMobileTools played out, but also so glad somebody took over the mantle. Cheers!
The “simple” suite of apps was bought by zippoapps, a company that buys popular apps and adds incredibly aggressive monetization that is basically just trying to scam users. You know those “free trials” that cost like 300€ per week once the trial is up so you forget to cancel and pay a bunch of money for an app you don’t want? Yeah that.
If I recall correctly, the whole suite was sold to a company that has a history of acquiring existing tools just to park them in maintenance mode and fill them with ads.
You might try Tailscale or Wire Guard. Either can be used to create a mesh VPN that can include any device you want. Connect your devices to the VPN then you just access it like it is on your local network. Of the two I use Tailscale. Dead simple to setup on pretty much any device.
I looked into Nextcloud, but that requires paying for a domain
Depending on what installation method you choose to go with, you don’t need a domain. It’s just very much helpful to have one. Especially if you decide to have it public facing. Plus domains are cheap. A bigger issue for us self hosters is dealing with dynamic IPs. Most of the time you can buy a static IP from your ISP, but if that is not an option, most domain providers provide a way to deal with variable IP addresses.
And yes, Tailscale does ignore dynamic IP addresses. I think Wire Guard does as well as Tailscale is built on Wire Guard.
Adding to this, Tailscale’s clients are open source and there’s a community-developed open source control server component called Headscale that can replace the Tailscale’s central server if and when needed. I tested it recently and it seemed to work fine.
I use Wireguard VPN with DuckDNS. No need to buy a domain, I just made a name for local use like nextcloud.rudee.com. Even though domains are not expensive (can be 10-20$ a year, but there are also free otions like rudeenextcloud.duckdns.org). You might need reversy proxy like Nginx Proxy Manager unless you want to type IP:PORT
opensource
Oldest
This magazine is from a federated server and may be incomplete. Browse more on the original instance.