Yeah, the IPs are there for the world to see, but you won't easily know they belong to me unless I point to them from my domain.
I'm running a server at home without port forwarding. I connect to it using Nebula on a VPS, which is like Tailscale without having to trust anyone.
Hello nerds!
How do you go about accessing your self-hosted resources when you're away from home?
I've used port forwarding, VPN, Tailscale and Headscale in that order but recently switched to Nebula.
Tailscale/Headscale was probably better than Nebula, but I just couldn't stand trusting either Tailscale or the VPS used to host Headscale.
With Nebula I don't need to trust the lighthouses, because they can't access my network even if compromised. I also really like the built-in firewall that's looking at node certs when filtering traffic.
I have a personal domain name. I got it because my first name was available with my country TLD.
I use it for email, which I will most likely keep forever, but how about my self-hosted stuff?
I use Slack's Nebula to access my self-hosted resources externally.
Would you mind exposing your VPSes' IPs to the world by adding them as subdomains? In my case lighthouse1.myname.tld and lighthouse2.myname.tld?
I feel much more secure using DuckDNS for those IPs as it should make it much harder to identify my attack surface.
Does it make sense or am I just paranoid?
I really don't like the idea of my attack surface being easily identifiable just by my email or first name.
I wouldn't expose ports like that.
If security is a concern I would go with something like Nebula.
https://m.youtube.com/watch?v=94KYUhUI1G0
If you look into it, you can host your lighthouses for free using Oracle Free Tier.