• 0 Posts
  • 4 Comments
Joined 1 year ago
cake
Cake day: March 7th, 2025

help-circle


  • The selfhosted guys are correct with that. Of course its not a magic pill, but it can help to minimize the attack surface immensely with little effort.

    Edit: while open ports can easily be enumerated, a reverse proxy often requires knowledge of the right server name. In tls1.3 those are not transferred in clear. Depending on your thread scenario you might want to consider doh/dot etc.

    Reverse proxies can require client certs, which lift the security benefit to something like a vpn. Even basic auth adds a high threshold to attackers and is simple even for random users to work with. All this is functionality many services don’t offer natively - as they assume a reverse proxy anyway I guess.


  • It was maybe 2003, and my Windows (XP I guess) was not working properly for like the third time this year, requiring a re-installation. I rad a home linux server (IP masquerading) at that time, and this has gotten me a student job administrating a web and a mail server, so I felt confident enough. This was when I first installed linux on my main machine. But I was dual boot or dual machine until end of 2025, when I finally got rid of my old gaming box and put CachyOS on my new rig.

    Okay, a few years earlier a friend gifted me some slackware 1.0 CD, that partitioned my 800MB hdd into a 300 and a 800MB parition. The joy about the extra 300MB linux gifted me did not last too long when everything corrupted, and I went back to windows.

    Using windows, which I have to do some times at work, feels so painful now.