Netmaker
How-To-Secure-A-Linux-Server
Netmaker | How-To-Secure-A-Linux-Server | |
---|---|---|
166 | 48 | |
8,971 | 16,718 | |
0.9% | - | |
9.6 | 4.5 | |
1 day ago | 21 days ago | |
Go | ||
GNU General Public License v3.0 or later | Creative Commons Attribution Share Alike 4.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Netmaker
-
List of ngrok/Cloudflare Tunnel alternatives and other tunneling software and services. Focus on self-hosting.
Netmaker - Layer 3 peer-to-peer overlay network and private DNS. Similar to Tailscale, but with a self-hosted server/admin UI. Runs kernel WireGuard so very fast. Not FOSS, but the source code is available. Written in Go.
- Netmaker: An open source WireGuard VPN
-
Connecting several hundreds IoT (raspberry pi's) devices with a VPN
My plan is to set up an EC2 instance and host a VPN, considering options like Netmaker, OpenVPN, or Tailscale. The goal is to connect these devices to the VPN, enabling SSH access from any connected node. This method seems cost-effective(Considering I want to use 100s of devices and potentially 1000s) and straightforward, requiring a simple setup with a sudo apt command on the Raspberry Pi.
-
Remote access to a NAS from another location?
I'm wondering if there are any alternative approaches to achieve this. Is something like Netmaker or Tailscale feasible enough? If you have any suggestions, I'd greatly appreciate it.
-
Would we still create Nebula today?
https://github.com/gravitl/netmaker
Honorable mention:
SuperHighway84 - more of a Usenet-inspired darknet, but I love the concept + the author's personal website:
https://github.com/mrusme/superhighway84
- Show HN: Netmaker – Netmaker Goes Open Source
-
Netmaker Transitions to Open source: Embracing the Apache-2.0 License
Exciting news to share! Netmaker has officially embraced open source. This momentous decision was unveiled at the Open Source Summit in Europe when the pull request successfully merged, transitioning their server from the SSPL to the widely recognized Apache License 2.0.
-
SD-WAN and SASE Solutions
While we've encountered some challenges and worked with vendors like Cisco to find solutions, I'm curious about recommendations for SD-WAN providers that are well-suited for SASE users. This includes not only Zscaler but also other options like Netmaker, Palo Alto, Cloudflare, Cisco, and Forcepoint.
-
Only allowing my home network to access all my EC2 Instances?
Now, my main question is how I can link my DDNS host endpoint with my EC2 instances, allowing only my home network to access them. I've come across a variety of suggestions, such as Netmaker, OpenVPN, Tailscale etc. but I'm curious to hear your opinions on these solutions.
-
CLAs create different issues than making (small) open source contributions
HN is somehow always timely. Currently, these folks expect me to sign a CLA for a one-byte change to their README: https://github.com/gravitl/netmaker/pull/2516
How-To-Secure-A-Linux-Server
- An evolving how-to guide for securing a Linux server
- How to Secure a Linux Server
-
Should I set up my own server?
- own server costs about $5/month. I recommend using docker to deploy hbbr and hbbs. Back up the key in case you need to re-deploy. You do need to secure your Linux server, and this community-driven Github guide has some good tips to get started.
- How-To-Secure-A-Linux-Server: An evolving how-to guide for securing a Linux server.
-
Automating the security hardening of a Linux server
I have been using the How To Secure A Linux Server guide for quite a while and wanted to learn Ansible, so I created two playbooks to automate most of the guides content. The playbooks are still a work in progress.
-
Connecting to docker containers rarely work, including via Caddy (non docker) reverse proxy
If it works, I will then follow the hardening guide I did before (https://github.com/imthenachoman/How-To-Secure-A-Linux-Server) and test after every step
-
Resources to learn backend security from scratch
Maybe these two repos can help you, I've used them both from time to time to look up stuff I have no idea about as a frontend main: https://github.com/imthenachoman/How-To-Secure-A-Linux-Server https://github.com/decalage2/awesome-security-hardening
- Time to start security hardening - been lucky for too long
-
Ask HN: How can a total beginner start with self-hosting
> In short it’s all about control, privacy, and security, in that order.
I am going to strongly urge you to consider changing that order and move *security* to the first priority. I have long run my own servers, it is much easier to setup a server with strong security foundation, than to clean up afterwards.
As a beginner, you should stick to a well known and documented Linux server distribution such as Ubuntu Server LTS or Fedora. Only install the programs you need. Do not install a windowing system on it. Do everything for the server from the command line.
Here are a few blog posts I have bookmarked over the years that I think are geared to beginners:
"My First 5 Minutes On A Server; Or, Essential Security for Linux Servers": An quick walk through of how to do basic server security manually [1]. There was a good Hacker News discussion about this article, most of the response suggests using tools to automate these types of security tasks [2], however the short tutorial will teach you a great deal, and automation mostly only makes sense when you are deploying a number of similar servers. I definitely take a more manual hands-on approach to managing my personal servers compared to the ones I professionally deploy.
"How To Secure A Linux Server": An evolving how-to guide for securing a Linux server that, hopefully, also teaches you a little about security and why it matters. [3]
Both Linode[4] and Digital Ocean[5] have created good sets of Tutorials and documentation that are generally trustworthy and kept up-to-date
Good luck and have fun
[1]: https://sollove.com/2013/03/03/my-first-5-minutes-on-a-serve...
[2]: https://news.ycombinator.com/item?id=5316093
[3]: https://github.com/imthenachoman/How-To-Secure-A-Linux-Serve...
[4]: https://www.linode.com/docs/guides/
[5]: https://www.digitalocean.com/community/tutorials
-
Selfhosting Security for Cloud Providers like Hetzner
I suggest these resources: - Some fundamentals: https://www.cyberciti.biz/tips/linux-security.html - One of the best imho ( exhaustive list ): https://github.com/imthenachoman/How-To-Secure-A-Linux-Server - Ansible playbook to harden security by Jeff Geerling: https://github.com/geerlingguy/ansible-role-security - OAWSP Check list ( targeted for web apps... and honestly a bit overkill ): https://github.com/0xRadi/OWASP-Web-Checklist
What are some alternatives?
tailscale - The easiest, most secure way to use WireGuard and 2FA.
authelia - The Single Sign-On Multi-Factor portal for web apps
headscale - An open source, self-hosted implementation of the Tailscale control server
Gitea - Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD
netbird - Connect your devices into a single secure private WireGuard®-based mesh network with SSO/MFA and simple access controls.
docker-socket-proxy - Proxy over your Docker socket to restrict which requests it accepts
firezone - Open-source VPN server and egress firewall for Linux built on WireGuard. Firezone is easy to set up (all dependencies are bundled thanks to Chef Omnibus), secure, performant, and self hostable.
PowerDNS - PowerDNS Authoritative, PowerDNS Recursor, dnsdist
Nebula - A scalable overlay networking tool with a focus on performance, simplicity and security
debian-cis - PCI-DSS compliant Debian 10/11/12 hardening
ZeroTier - A Smart Ethernet Switch for Earth
lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.