I self-host a couple of services, but I haven’t exposed anything outside my home network. I want to self-host my calendar, but not sure if I can do it without exposing it. Any recommendations on the best way to go about this? For those who do self-host a calendar service, how do you keep it secure?
You must log in or # to comment.
unless you really need it, set up sync to work only on your home network. you enter a new event when away and it stays on your device.
once you get home, it then syncs with radicale/syncthing/nextcloud/whatevers.
Who do you want to have access to said calendar?
Just myself, but I would like to keep it synced between my phone and my laptop while also keeping a backup.
Then you should really look into setting up a personal VPN. After that what you use to do calendar becomes irrelevant in terms of access.
I think the general consensus for homelabbers is a mesh network – Tailscale and Netbird are the two most popular options
Or headscale.
I run nextcloud on my machine. If there’s a crack, there would be one in their hosted instance as well. There’s nothing really I can do about security of it.
I do not expose Nextcloud to the internet. I use dnsmasq to give LAN clients the private IP. If I need to access NC from elsewhere, there’s VPN for that.
Related question, what CalDAV server are you using? Been looking for something lightweight
VPN is the way to go if you’re not sharing it with a bunch of people
Radicale is the GOAT and supports authentication. Or you can just run it on a LAN behind a firewall.
Could you set up a Cloudflare tunnel and make sure the security rules are tight enough to keep others out?
Unless you live a very dynamic lifestyle that requires your calendar to be 24/7 synced, you can just use whatever server software you like, make it listen in LAN only, and have your devices sync when they’re at home.
DecSyncCC and Syncthing is another option.
mTLS with a reverse proxy!
What caldav clients supports that?
I’d recommend the Tailscale style approach. MTLS is a pain imo without infrastructure and especially on the app layers
This is the first time I’ve heard of mTLS. Sounds interesting, any tutorial recs?
Not any in particular but mTLS is essentially just a reverse proxy (like nginx) asking a client for a certificate to be able to access the service behind it.
There are quite a few guides out there, so choose one for your reverse proxy of choice!
So it’s the good old client certificate authentication?
yep
In my opinion it’s the best solution because there’s a really low attack surface plus it makes it easy to control which device has access to which services.
