Selfhosted

53946 readers

308 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago

MODERATORS

HybridSarcasm@lemmy.world

HybridSarcasm@lemmy.hybridsarcasm.xyz

Question about accessing my services from corporate Network (feddit.org)

submitted 1 day ago by Feddinat0r@feddit.org to c/selfhosted@lemmy.world

17 comments fedilink hide all child comments

Well, hello there.

I run several services on my NAS at home.

I have a domain which always points at home and redirects port 80 to wikipedia.

Almost all ports are not forwarded, only for those which i want to have access to.

Example:

Paperless
Syncthing
FreshRSS

Now i work on my corporate computer and i cant access my services.

Why?

It blocks connections which go to a specific port.

Now i would love to access freshrss on adress:

Www.domainexample.com:1234

Which gets blocked.

Any ideas?

Messing with the local pc is of course forbidden.

you are viewing a single comment's thread
view the rest of the comments

[–] jeena@piefed.jeena.net 35 points 1 day ago (3 children)

Just use port 443 or 80 and use sub domains and a reverse proxy for each of your services.

For example:

https://rss.example.com/ goes to port 443 on your server where you run a nginx with letsencrypt. You set up a vhost for this subdomain which then internally proxies to your IP adress and port for freshrss.

I have it like that: https://rss.jeena.net/ and https://piefed.jeena.net/ and https://toot.jeena.net/ and so on.

[–] k4j8@lemmy.world 1 points 2 hours ago

I do this too plus block all IPs via firewall except my work and home IP addresses.

[–] stratself@lemdro.id 9 points 1 day ago

Beat me to it. This is likely the best way as 443 is ubiquitously unblocked on most networks

[–] jeena@piefed.jeena.net 5 points 1 day ago (1 children)

If you don't want to mess with SSL you can do the same with port 80.

[–] ChapulinColorado@lemmy.world 3 points 3 hours ago* (last edited 3 hours ago)

But then you are sending credentials in clear text over the network. That will get logged on the corporate access logs ensuring a quick permanent vacation once they notice how careless the employee is, not to mention the mixing personal and work resources.

Edit: forgot to mention, most work devices also decrypt SSL traffic by using man-in-the-middle approach (unless they are very incompetent). Even stuff like personal email and shopping should not be accessed on a work device if you don't want your work to have your passwords.