Question about frp's stcp safety/security
from EpicStuff@lemmy.ca to selfhosted@lemmy.world on 17 Jun 02:17
https://lemmy.ca/post/23321866

I’ve just started hosting stuff and I’ve been using frp’s stcp to make stuff accessible when I’m at school. I was wondering if I should bother setting up/switching over to WireGuard, which is apparently the way to go?

#selfhosted

possiblylinux127@lemmy.zip on 17 Jun 02:53

You didn’t expose it to the internet right? Right?

Use Netbird and a network share. I don’t know what stcp is but I would go with SMB or syncthing

seang96@spgrn.com on 17 Jun 03:44

From the link in the post it’s a reverse proxy backed by terminos which is a secure OS for kubernetes and is really good, so I imagine this proxy is also really good. So OP’s setup is already likely fine as is.

possiblylinux127@lemmy.zip on 17 Jun 17:37

Still why risk it? It seems like there are better ways to do this

theorangeninja@lemmy.today on 17 Jun 04:30

How are you using Netbird in your setup if I may ask?

possiblylinux127@lemmy.zip on 17 Jun 14:27

How? I install the client and use ACLs

theorangeninja@lemmy.today on 17 Jun 14:40

What are ACLs? And do you use the self hosted or the hosted option?

possiblylinux127@lemmy.zip on 17 Jun 16:32

You don’t need ACLs for small stuff (access control lists, they are used for least privilege). All you need to do is to install the client on each machine and then those machines can talk as if they were on the same network.

If you wanted to access device C from device B running Netbird you could also use the routing feature to route traffic as if you were on the local network. You also can use the VPN feature if you want to get the same experience as if you were at home.

theorangeninja@lemmy.today on 17 Jun 21:40

Thank you very much! Can you link to a noob-friendly guide for all the features Netbird offers?

possiblylinux127@lemmy.zip on 17 Jun 21:43

EpicStuff@lemmy.ca on 17 Jun 12:44

uh, I did?

can u explain why it’s a bad idea?

possiblylinux127@lemmy.zip on 17 Jun 14:22

Anything on the internet gets hammered. As soon as there is any sort of vulnerability you are compromised.

You don’t need to take that risk

seang96@spgrn.com on 17 Jun 18:08

The proxy you are using seems like a good one and if you are using auth on it you aren’t exposing the services under it directly, so the vulnerability would be proxy or your password to reach any potential vulnerabilities on the service. Sure there could be some crazy bad vulnerability on the proxy, but as long as you’re using a good trusted one and not doing some config to bypass their security, and updating it, you should be fine. Some people here think you could use VPNs and such for everything and sometimes you just gotta share your services and going through a proxy service is a good solution.

Moonrise2473@feddit.it on 17 Jun 09:13

Never heard about stcp, nor do I see something called that in their GitHub repository.

Does it have authentication?

For safety I’d add an additional layer of authentication. Easy way: Cloudflare Access + Cloudflare Tunnel; hard mode: Authelia + a reverse proxy

EpicStuff@lemmy.ca on 17 Jun 12:41

I’d say it’s basically tcp with a password

try ctrl f on the readme?
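
Added illustration, not part of the thread and not a configuration anyone here posted: a plain frp `tcp` proxy, which opens a public port on the frps host, next to an `stcp` proxy, which opens none and only serves a visitor holding the same `secretKey`. The host name, ports, proxy names and key values are placeholders; the key names assume frp's TOML configuration format.

```toml
# ---- frpc.toml on the home server, variant A: plain tcp proxy ----
# frps listens on remotePort on its public address. Anyone who can reach
# frps.example.net:6000 is connected straight to the local service.
serverAddr = "frps.example.net"               # placeholder frps host
serverPort = 7000
auth.token = "REPLACE_WITH_LONG_RANDOM_TOKEN" # client-to-frps authentication

[[proxies]]
name = "home-ssh-public"
type = "tcp"
localIP = "127.0.0.1"
localPort = 22
remotePort = 6000

# ---- frpc.toml on the home server, variant B: stcp proxy ----
# Same serverAddr / serverPort / auth.token as variant A.
# No remotePort: frps opens no public listener for this service.
[[proxies]]
name = "home-ssh"
type = "stcp"
secretKey = "REPLACE_WITH_LONG_RANDOM_KEY"    # must match the visitor's key
localIP = "127.0.0.1"
localPort = 22

# ---- frpc.toml on the laptop (the "visitor" side of variant B) ----
# Same serverAddr / serverPort / auth.token as the home server.
# The service appears only on the laptop's loopback interface.
[[visitors]]
name = "home-ssh-visitor"
type = "stcp"
serverName = "home-ssh"                       # name of the stcp proxy above
secretKey = "REPLACE_WITH_LONG_RANDOM_KEY"
bindAddr = "127.0.0.1"
bindPort = 6000
```

In both variants the frps control port itself still faces the internet, so the strength of `auth.token` and `secretKey` and keeping frp updated carry the security of the setup.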

colifloro@lemmy.world on 17 Jun 18:10

Have you checked Tailscale? A one-click WireGuard, free for quite a lot of devices. There is a project to self-host the control server: headscale.net