You mean "copy the photos you have taken but you not want in your device if you would get checked on your way back out to a server in a hostile country " ?

99.99% if the normal tourists do not have a personal server to store their photos. They use a commercial cloud. By using your personal server, you behave differently from 99.99% of the tourists.

" Why do you keep your images to your personal server and not the cloud? What do you have to hide? "

HI, Thanks for the info (and also thanks to PoVog).

My experience with mqtt is limited. I once set up a ejabberd server to try it out. It works but -as I mainly interested in federated chat- it was not that interesting. There was a lot less traffic and the rooms that exist that had traffic had a big issue with moderation (i.e. spam content). The S/N ratio of the discussions was a lot less then on matrix or other platforms.

I also notice it was missing some features that are do are present in matrix, like the ability to edit messages. From how I understand it, the modulator nature of XMPP is a nice idea but as there is a large diversity on clients and the features they support, it does seems to come down to only the lowest common domininator to really work well.

As I have just set up a pi5 as my new selfhosting-server, I might give it a try again, and see how well the transports (like slidge as mention by PoVog) work.

Concerning the URL issue, as explained, it kind-of looks like a normal side-effect of the principle of server authentication. Alsom your use-case (one server, one client) it not the normal goal why chat-servers are build. Even in a non-federated use, you have multiple clients connecting to it. Cchanging the server hostname will impact all clients, so is probably a very rare scenario. I did see you use synapse. I do not know if you dendrite or conduit have the same behaviour.

perhaps a stupid question, but are there bridges for XMPP ? My impression is that XMPP is as good as empty (I do use it mainly as a federated service). Is there still a lot of active development on the XMPP side of things?

I do not understand your point with ‘you cannot change the URL’. If you use matrix as non-federated and just the only user, what is the problem that you need to change the URL when you need to set up a new server on a new URL? Not being able to change the server at the same URL seems like a logical concequence of authentication, be it for server-to-server communication as for client-to-server communication.

I think I read something about that but I do not know the details.

It fhat is true, that would be good news. Thanks for the info. 👍

deleted by creator

There was an example of an ethical hacker that bought up old email-domain names of police offices, city councils (name of city changed due to Mercer) and so on. He received quit a few mails with quite sensitive data.

I run a small setup on a seperate server segment (2nd router behind my main router) so it is on the internet. I run nextcloud, an dendrite and conduit instance (matrix chat-server servers), a mastodon and go-to-social instance (fediverse), bitwarden (password manager), and others.

If there is a service that you do not want to be publically accessable by everybody but you do want to access from everywhere on the internet yourself, check out client-side TLS (https) certificates. The server does is accessable from the internet put only people who have a TLS certificate on their client signed by you can access it. For services that do not require incoming connections from other machines (e.g. nextcloud, bitwarden, … but no federated services like matrix-chat or the fediverse) that is a very good option to protect your servers.

Yes, that’s a very useful idea. Thanks!

If you get your domain from OVH, you get one single mailbox (be it with a lot of aliases, like a different email-address for every service/website you use) for free.

What is your ‘deleted files’ policy? How long do you keep them? I had a similar issue but then found out that the nextcloud cron-process wasn’t running so files in the ‘deleted files’ folder where never really deleted.

Well, based on advice of Samsy, take a backup of home-server network to a NAS on your home-network. (I do home that your server-segment and your home-segment are two seperated networks, no?) Or better, set up your NAS at a friend’s house (and require MFA or a hardware security-key to access it remotely)

What was that saying again?

“the biggest thread to the safety and cybersecurity of the citizens of a country … are managers who think that cybersecurity is just a number on an exellsheet”

(I don’t know where I read this, but I think it really hits the nail on the head)

I have been thinking the same thing.

I have been looking into a way to copy files from our servers to our S3 backup-storage, without having the access-keys stored on the server. (as I think we can assume that will be one of the first thing the ransomware toolkits will be looking for).

Perhaps a script on a remote machine that initiate a ssh to the server and does a “s3cmd cp” with the keys entered from stdin ? Sofar, I have not found how to do this.

Does anybody know if this is possible?

Yes. Fair point.

On the other hand, most of the disaster senarios you mention are solved by geographic redundancy: set up your backup // DRS storage in a datacenter far away from the primary service. A scenario where all services,in all datacenters managed by a could-provider are impacted is probably new.

It is something that, considering the current geopolical situation we are now it, -and that I assume will only become worse- that we should better keep in the back of our mind.

I will put “multicloud” on my wishlist.

Looking at it from a infosec point of view, cloud-providers are an ideal target. All the customers who have just lost all their data now complaining to the cloud-provider are the ideal pressure-mechanism to get the cloud-provider to pay out.

In this case, it is not you -as a customer- that gets hacked, but it was the cloud-company itself. The randomware-gang encrypted the disks on server level, which impacted all the customers on every server of the cloud-provider.

The issue is not cloud vs self-hosted. The question is “who has technical control over all the servers involved”. If you would home-host a server and have a backup of that a network of your friend, if your username / password pops up on a infostealer-website, you will be equaly in problem!

Well, the issue here is that your backup may be physically in a different location (which you can ask to host your S3 backup storage in a different datacenter then the VMs), if the servers themselfs on which the service (VMs or S3) is hosted is managed by the same technical entity, then a ransomware attack on that company can affect both services.

So, get S3 storage for your backups from a completely different company?

I just wonder to what degree this will impact the bandwidth-usage of your VM if -say- you do a complete backup of your every day to a host that will be comsidered as “of-premises”

First of all, thanks to all who replied! I didn’t think there would have been that many people who self-host a SSO-server, so I am happy to see these replies.

As a side-note, I have also been looking into making the setup more robust, i.e. add redundancy. For a “light redundant” senario (not fully automatic, but -say- where I have a 2nd instance ready to run, so I just need to adapt the DNS-record if it is needed), can I conclude from the “makeing a backup” question, that I just need to run a 2nd instance of postgres and do streaming-replication from the main instance to the backup-instance ?

Or are there other caviats I haven’t thought about?

Great thanks! (also thanks to Mike … you have some valid points)