zlacker

[return to "CLI agents make self-hosting on a home server easier and fun"]
1. simonw+g6[view] [source] 2026-01-11 22:01:25
>>websku+(OP)
This posts lists inexpensive home servers, Tailscale and Claude Code as the big unlocks.

I actually think Tailscale may be an even bigger deal here than sysadmin help from Claude Code at al.

The biggest reason I had not to run a home server was security: I'm worried that I might fall behind on updates and end up compromised.

Tailscale dramatically reduces this risk, because I can so easily configure it so my own devices can talk to my home server from anywhere in the world without the risk of exposing any ports on it directly to the internet.

Being able to hit my home server directly from my iPhone via a tailnet no matter where in the world my iPhone might be is really cool.

◧◩
2. drnick+ab[view] [source] 2026-01-11 22:25:31
>>simonw+g6
I'd rather expose a Wireguard port and control my keys than introduce a third party like Tailscale.

I am not sure why people are so afraid of exposing ports. I have dozens of ports open on my server including SMTP, IMAP(S), HTTP(S), various game servers and don't see a problem with that. I can't rule out a vulnerability somewhere but services are containerized and/or run as separate UNIX users. It's the way the Internet is meant to work.

◧◩◪
3. gambit+wL1[view] [source] 2026-01-12 11:43:14
>>drnick+ab
"Back in the day"(just few years ago) I used to expose a port for RDP on my router, on a non-standard port. Typically it would be fine and quiet for a few weeks, then I assume some automatic scanner would find it and from that point onwards I could see windows event log reporting a log in attempt every second, with random login/password combinations, clearly just looking for something that would work. I would change the port and the whole dance would repeat all over again. Tens of thousands of login attempts every day, all year round. I used to just ignore it, since clearly they weren't going to log in with those random attempts, but eventually just switched to OpenVPN.

So yeah, the lesson there is that if you have a port open to the internet, someone will scan it and try to attack it. Maybe not if it's a random game server, but any popular service will get under attack.

◧◩◪◨
4. drnick+HD2[view] [source] 2026-01-12 16:17:09
>>gambit+wL1
> someone will scan it and try to attack it. Maybe not if it's a random game server, but any popular service will get under attack.

That's fine, it's only people knocking on a closed door. You cannot host things such as email or HTTP without open ports, your service needs to be publicly accessible by definition.

[go to top]