This is a decent writeup on applying “Zero Tust” principles to a home lab using mostly open source tools. I’m not the author, but thought it was worth sharing.

  • Quik@infosec.pub
    link
    fedilink
    English
    arrow-up
    8
    arrow-down
    1
    ·
    2 months ago

    I, too, don’t love the use of AWS/Cloudflare, while I get that you can simply replace AWS S3 with something else for backups, this server setup is innately based on using Cloudflare.

      • sugar_in_your_tea@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        1
        ·
        2 months ago

        I’d appreciate it as well.

        I have a somewhat sophisticated setup as well that doesn’t use Cloudflare (aside from domain and DNS hosting) or AWS (I use a simple Hetzner VPS). I’m considering using Backblaze for backups, and everything else is self-hosted.

        One of my main goals is that every responsibility should be modular and have a compatible drop-in replacement. I’m very interested to read what others with a similar perspective have done.

    • fruitycoder@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      2
      ·
      2 months ago

      What is a good alt for cloudflare here tbh?

      I’ve done wire guard, and tor service to obfuscate the network, and crowdsec for a good external firewall, and linkerd gateway to actual services (and keycloak for sso).

      Besides adding gotelaport for more fine grained access, idk what else you could do, but even then idk if its still competitive as someone else’s network taking your ddos loads lol