I’ll look at those ASAP, super hopeful

I tried nc it for a while I would have taken me till the end of days to import all of my files.

I suspect I could keep it running by doing lockstep backups and updates. But it was just so incredibly slow.

I just want something that would give me remote access to my files with meta information about my files and a good search index.

It really wasn’t all that complicated for me. Install the client on two devices set a share up on one device go to the other device Hit add device put the share ID in. Go back to the first devices admin and say allow the share

The box you’re hosting on only needs internet access to connect the tunnel. Cloudflare terminates that SSL connection right in a piece of software on your web server.

Oh yeah, I totally get the allure of containers. I use them myself just not in production.

To be fair, python and node both suffer from the same kind of worries. And stuff gets slipped into those repos not too infrequently.

You need to have a rather capable router / firewall combo.

You could pick up a ubiquity USG. Or set up something with an isp router and a PF sense firewall.

You need to have separate networks in your house. And the ability to set firewall rules between the networks.

The network that contains the hosting box needs to have absolutely no access to anything else in your house except it’s route out to the internet. Don’t have it go to your router for DHCP set it up statically. Don’t have it go to your router for DNS, choose an external source.

The firewall rules for that network are allow outbound internet with return traffic, allow SSH and maybe VNC from your home network, then deny all.

The idea is that you assume the box is capable of getting infected. So you just make sure that the box can live safely in your network even if it is compromised.

The first worry are vectors around the Synology, It’s firmware, and network stack. Those devices are very closely scrutinized. Historically there have been many different vulnerabilities found and patched. Something like the log4j vulnerabilities back in the day where something just has to hit the logging system too hit you might open a hole in any of the other standard software packages there. And because the platform is so well known, once one vulnerability is found they already know what else exists by default and have plans for ways to attack it.

Vulnerabilities that COULD affect you in this case for few and far between but few and far between are how things happen.

The next concern you’re going to have are going to be someone slipping you a mickey in a container image. By and large it’s a bunch of good people maintaining the container images. They’re including packages from other good people. But this also means that there is a hell of a lot of cooks in the kitchen, and distribution, and upstream.

To be perfectly honest, with everything on auto update, cloud flares built-in protections for DDOS and attacks, and the nature of what you’re trying to host, you’re probably safe enough. There’s no three letter government agency or elite hacker group specifically after you. You’re far more likely to accidentally trip upon a zero day email image filter /pdf vulnerability and get bot netted as you are someone successfully attacking your Argo tunnel.

That said, it’s always better to host in someone else’s backyard than your own. If I were really, really stuck on hosting in my house on my network, I probably stand up a dedicated box, maybe something as small as a pi 0. I’d make sure that I had a really decent router / firewall and slip that hosting device into an isolated network that’s not allowed to reach out to anything else on my network.

Assume at all times that the box is toxic waste and that is an entry point into your network. Leave it isolated. No port forwards, you already have tunnels for that, don’t use it for DNS don’t use it for DHCP, Don’t allow You’re network users or devices to see ARP traffic from it.

Firewall drops everything between your home network and that box except SSH in, or maybe VNC in depending on your level of comfort.

Parsec also runs very well.

Same, I’ve been doing this for years. It’s just flawless.

Actually yeah it is. In IPFS files under a certain size get cashed permanently. The size is pretty small I think it’s like 2K, but it’s enough that you really want to make sure you don’t accidentally share like your entire drive is a folder or something because a lot of it will stick around forever without anybody doing anything.

the hashes look like this

bafybeih3otruk3juwppyva2giufgtnll5tjqsk6mzmhjiksjkpbh434mae

IPFS is kind of like a torrent system, you generate the file, add it to something like ipfs desktop or brave browser, it injects the hash into the p2p system, they download it from you directly or any one else that has downloaded it.

It’s not for truly private things, it’s more like throwing it on an unlisted imgur. It’s also not possible to redact things so if you shove it out there, it might be out there forever.

Likely not any less private than imgur was.

That or an ipfs gateway