this post was submitted on 24 Nov 2024
39 points (95.3% liked)

Selfhosted

40359 readers
330 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

I dunno why but I’m worried that casaos is holding me back from doing greater things I guess? I’m pretty new to self hosting and I discovered casaos from a Minecraft server setup tutorial of all things and it’s been great for me so far and does pretty much everything I need it to do, but I feel like I don’t really have a full understanding of what I can do outside of it, and I don’t really hear many people talk about casaos so I’m like worried it’s just not very good I guess? I’m just looking for ways to improve really.

For reference I just use my server for Minecraft on the occasion, a self hosted obsidian live sync, adguard, and in the future plan on hosting nextcloud. Casaos seems great for that and maybe it’s perfectly fine but I’d just be interested in being more knowledgeable I guess, and aware of any ways to improve.

you are viewing a single comment's thread
view the rest of the comments
[–] conciselyverbose@sh.itjust.works 7 points 1 day ago (1 children)

Serious question: last I looked at casaOS (because I liked the hardware), they had SSH open and accessible to default passwords by default. This scared me off hard.

Is this still a thing/are there other glaring security holes?

[–] alwayssitting@infosec.pub 7 points 1 day ago* (last edited 1 day ago) (1 children)

I don't know if they changed it by now, but unRAID was the same when I tested it back in 2019. I wish they did things differently but both are products designed to be deployed and ran by hobbyists in a local network, so it makes somewhat sense.

[–] conciselyverbose@sh.itjust.works 3 points 1 day ago* (last edited 1 day ago)

I could get the "default" to facilitate setup, but as far as I'm concerned it's seriously fucked not to have the first step of your script be replacing it with the user's own choices. It's really hard for me to trust the security as a whole of a project that does that by default, especially because it's intended to be for inexperienced users and there was no indication during the setup process or other included information that that was the case.