2024-06-08, 02:35 AM
(This post was last modified: 2024-06-08, 03:20 PM by mildlyjelly. Edited 2 times in total.)
This doesn't answer your questions directly, but I think it should clear up some things for you.
But first, you should always have an offline backup of any data that is important to you. There are plenty of ways for your data to be destroyed without the server being hacked. If you can, get a second external drive and backup anything important to it. Even better, use a third backup and keep it off site.
Basically there are 4 ways to remotely access your JF Sever.
1) Open a port directly to your server allowing you to simply navigate to the IP of your house. This only requires you to open a port in your router/firewall to direct traffic to your JF sever.
2) Use a VPN to connect to your house and then access your JF just like you would locally. This requires you to setup a VPN server on your router/firewall (or you can use PiVPN). You will also need a VPN client on remote devices (e.g. your phone) so you can connect to the VPN server. Once you have connected to the VPN server, you can securely access JF exactly as if you were on your local network (using the same local IP address as you do now).
3) Use Tailscale (I don't have personal experience with Tailscale)
4) Use a reverse proxy in front of option 1. For this to work, you will still need to open a port to your server exactly as you would have done in option 1. The big difference here is that we can limit access to your JF server to only the reverse proxy which has it's own unique benefits. You can set this up manually using Nginx or Apache on a remote server somewhere (not easy), or you can use a third party proxy provider like Cloudflare.
But first, you should always have an offline backup of any data that is important to you. There are plenty of ways for your data to be destroyed without the server being hacked. If you can, get a second external drive and backup anything important to it. Even better, use a third backup and keep it off site.
Basically there are 4 ways to remotely access your JF Sever.
1) Open a port directly to your server allowing you to simply navigate to the IP of your house. This only requires you to open a port in your router/firewall to direct traffic to your JF sever.
- Easiest to setup.
- It is very easy for end users to access via the JF app or Web Browser.
- Requires no special software.
- All data to and from your house is optionally securely encrypted.
- Provides the fastest connection.
- Least secure method (this doesn't mean dangerous, but you are relying entirely on your server and JF for security).
- Since your house IP can change without notice, this is where you would either want a static IP or a Dynamic DNS.
- There is really no way to enhance the security of this setup without using a Reverse Proxy (see method 4 below).
2) Use a VPN to connect to your house and then access your JF just like you would locally. This requires you to setup a VPN server on your router/firewall (or you can use PiVPN). You will also need a VPN client on remote devices (e.g. your phone) so you can connect to the VPN server. Once you have connected to the VPN server, you can securely access JF exactly as if you were on your local network (using the same local IP address as you do now).
- A very secure and traditional setup.
- Fairly easy to setup.
- All data to and from your house is securely encrypted.
- Allowing other people on your network comes with it's own security concerns.
- Provides a slower connection than Option 1, but depending on the hardware your VPN server is running on there may be no perceivable difference in speed or it my be horribly slow.
- Requires every end user to setup a VPN client and connect to your local internet before accessing your JF server.
- VPN client's are probably not available for most streaming devices like the Firestick, Roku, or AppleTV.
- You will still want to use a static IP or a Dynamic DNS since you will need to connect to your houses IP through the VPN.
3) Use Tailscale (I don't have personal experience with Tailscale)
- Probably more secure than using a VPN.
- Probably the second easiest to setup.
- All data to and from your house is securely encrypted.
- Requires every end user to install and use the Tailscale client before accessing your JF server.
- The Tailscale client's are probably not available for most streaming devices like the Firestick, Roku, or AppleTV.
- I'm not sure how well this works if you just want to give your friend temporary access for a few days.
4) Use a reverse proxy in front of option 1. For this to work, you will still need to open a port to your server exactly as you would have done in option 1. The big difference here is that we can limit access to your JF server to only the reverse proxy which has it's own unique benefits. You can set this up manually using Nginx or Apache on a remote server somewhere (not easy), or you can use a third party proxy provider like Cloudflare.
- Depending on how you implement the reverse proxy, this could be easy or difficult to setup.
- Likely more secure than Option 1 but still less secure than Options 2 & 3. You are now relying on your reverse proxy's server and JF for security. You get more security controls using a reverse proxy (i.e. WAF), but your proxy server and JF are still open to the pubic and can still be compromised. However, third party proxy providers like Cloudflare guarantee the security of their servers.
- It is very easy for end users to access via the JF app or Web Browser without special software.
- All data to and from your proxy is securely encrypted.
- You will still want to use a static IP or a Dynamic DNS since your reverse proxy will still need to connect to your houses IP.