Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Navigation

    Cloudron Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    Everything on one server

    Discuss
    4
    7
    96
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      cloud802 last edited by

      Hello everyone. I want to self host all my services, just from a security point of view, is it bad to put bitwarden and your email on one server for example? Just thinking if something gets compromised, all my stuff is in one place. From a tracking perspective, is it bad to have all your data from different apps (wallabag, syncthing, bitwarden, email, notes...) going to one IP? Or am I over thinking it. Thanks!

      scooke 1 Reply Last reply Reply Quote 0
      • scooke
        scooke @cloud802 last edited by scooke

        @cloud802 I'm sure more tech-minded folk will expand on this, but, from what I understand, because Cloudron uses Docker, ALL the apps and services are kept separate from one another.

        I suppose if you use easy to guess passwords, and use the same one on different apps, then you are open to attack that way. But that wouldn't be Cloudron's fault. Even if you installed a WordPress plugin, for example, that was hacked, and you lose your WordPress installation, nothing else will be affected. Just reinstall, or restore the WordPress from a known, safe, backup.

        Another attack avenue, related to the password one above, is if you use one domain with subdomains, or more than one domain for the different services, it is easy to whois them and slowly find out which domains are all on that Cloudron server. Then an attacker might wait for some weak spot or zero-days to exploit (of the app on that domain), but that would happen on any service. EVEN THEN, if some service or app was hacked, the auto backups of Cloudron would make it easy as pie to restore everything.

        These are some of the reasons why I love Cloudron.

        A life lived in fear is a life half-lived

        C 1 Reply Last reply Reply Quote 0
        • C
          cloud802 @scooke last edited by

          @scooke Thanks for the info. Appreciate it.

          BrutalBirdie 1 Reply Last reply Reply Quote 0
          • BrutalBirdie
            BrutalBirdie Staff @cloud802 last edited by

            @cloud802 for tracking what services run I use https://crt.sh/ to see the registered sub-domains.
            Example one of my domains - https://crt.sh/?q=bigbluebutton.dev

            You cant see which services run on this cloudron from just the domain. 🙂

            For bitwarden I use my yubikey for a second level security.

            Like my work? Consider donating a beer 🍻 Cheers!

            C 1 Reply Last reply Reply Quote 1
            • C
              cloud802 @BrutalBirdie last edited by

              @brutalbirdie Ahh ok cool awesome!

              humptydumpty 1 Reply Last reply Reply Quote 0
              • humptydumpty
                humptydumpty @cloud802 last edited by humptydumpty

                @cloud802 I just want to add to what @scooke said about Cloudron's amazing backups is that I highly suggest signing up with a 3rd party S3 provider like Backblaze and have it all backed up there. Just in case the VPS/datacenter is compromised (like the OVH fire in the recent past).

                https://docs.cloudron.io/backups/#backblaze-b2

                C 1 Reply Last reply Reply Quote 2
                • C
                  cloud802 @humptydumpty last edited by

                  @humptydumpty Perfect thank you.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post