![](https://seccdn.libravatar.org/avatar/77cb4da5f72bc176182dcc33f03a18f3.jpg?s=120&d=mm&r=g)
On 2023-12-04 12:20, cagsm wrote:
Support list,
thanks in advance for any recommendation on a thing maybe called home-server, trying to go for leap 15.5, or better with slowroll?
Storing simple files on a opensuse samba server, on a LAN. Maybe would like to access these files in a safe and secure manner, and not too bloated or by highly complexly architectured ways, also from remote or while traveling or sharing select files with others.
LAN has a single public ipv4 address albeit not a permanently same address, and has the same for ipv6 mostly even ipv6 prefix global unicast, but also changing.
So you need some external DNS server that points to your system, updated automatically. Something like DynDNS. This is the first thing to do.
I was looking into maybe a nextcloud, though i am not a huge expert and i try to like research too much before i even take the small first step, so sometimes i kind of am slow to start deploying actual stuff, maybe too scared or too worried and trying to fathom all the consequences and finding the best way even though with my little silly knowledge.
I know nothing about that, sorry.
Anyhow there are many things coming up such as a dynamic dns provider and hostname that then can be used for nextcloud, and then some front end proxy or reverse proxy or what that name would be, hence my looking into this traefik, even though mostly people write about nginx.
Some places spoke about going for seafile instead of nextcloud. Maybe both? I also like the cryptpad project of the french open source folks and maybe even a matrixorg server, i know i know i have really no experience or knowledge in supporting or safely handling all of this. Maybe step by step.
Anyhow, when I used to have linux machines on the net, so far I only exposed like the single mere ssh port of them and nothing else, and that was worrisome already for me.
This is what I do, I don't need anything else. I have the router porting incoming connections on a certain high port to the server machine on port 22. Then you configure that machine ssh server to only accept ssh with shared keys, not password. Finally, I configure that machine firewall to accept (maybe only) incoming on port 22 from the router. And then you are as safe as can be. Of course, clients must know that high port and have the shared key file. To access files, you can do, on the clients: cer@Laicolasse:~> sshfs USERNAME@YOUR.MACHINE.DNS:/ ~/fusermount/ and to close it: cer@Laicolasse:~> fusermount -u ~/fusermount To connect to my home webserver, I do: ssh -L 127.0.0.01:60000:192.168.1.X:80 -N USERNAME@YOUR.MACHINE.DNS (X is the local IP of my server) And on Firefox, I navigate to: http://127.0.0.1:60000/ Of course, you have to configure Apache to allow this access. Currently mine fails partly, it is not a thing I often do. -- Cheers / Saludos, Carlos E. R. (from openSUSE 15.5 (Laicolasse))