As I'm learning more and more about self-hosting, I've read repeatedly that the safest option for internally hosted services is to use a VPN from your mobile device (laptop, cell) and connect to your server(s) as needed when outside of your network. That brings me to a predicament of sorts.
Tools like Seafile, Nextcloud, Pydio, and CryptPad offer great collaborative features as well as easy sharing from these services. But if you're not exposing any of these services to the web, how would you share documents or files easily with those outside your network? The share functions will generate a link with your IP:Port, or in my case, a domain name that is only internal. I know you can download a copy and email it separately, but that is a bit clunky. Is there a service or another FOSS app I'm overlooking that allows you to 'publish' items to an external friend or team member in a safe manner?
I've not yet decided on which solution I'm going with. But in the case of CryptPad, it seems secure enough that I would be comfortable hosting it externally, making this question moot. But I'd likely host it on a VPS instead of my home server just for another layer of separation.
Ooh, that Mistborn is clever! Thanks. I am currently using WireGuard from my phone to the server. But obviously that's just me.
I did try to spin Tipi up on both my home server (unRAID) and my VPS (Ubuntu 20.04) and could not get it to play nice. Looks like a great solution though.
On another thread someone brought up the point that if running multiple services on a server that touches the Internet and one is compromised, the server could be as well. I only started self-hosting early this year, so I am by no means an expert though.
Very true. I didn't know if there was some sort of "secure share" that could be leveraged without exposing the main app. Say Seafile, for example. Where a secure link is created and can be sent. I envisioned hosting something like that on my VPS and Seafile (or other) on the home server without exposing it. But reading more about CryptPad, that may be the ticket. Seems plenty secure to host on the web so I may go that way if no other options exist.
Put them on a VPS at a place like Linode. I frankly would not want to run internet-facing services on my personal connection. Nor would I want the server on my LAN unless I put it on a separate subnet that was firewalled from other stuff.
The other thing is that you can favor end-to-end encrypted stuff. Send, for example, which is the follow-on to Firefox Send. I actually use Bitwarden Send to send files, for example, which comes with the Bitwarden paid plan.