I've managed to set up a Baikal server to sync my calendars and tasks instead of using a free cloud service provided by Nextcloud. I'm able to reach it from beyond my local network, but this is all very new to me and I'm a little worried about permanently leaving a port open for this.
I'm hoping to find some resources for securing this, before leaving it up all the time. I suppose as an alternative I can always only run it at home and only sync when I'm home but this seems less ideal.
Thanks a bunch for the help in advance. I really appreciate it.
WireGuard might work well here. You'll have to set it up on each device you want to have access to your server, but I'm guessing that syncing only involves a handful of devices, which wouldn't be bad.
So if I understand this correctly, I configure WireGuard on the server end and port forward to the IP for the WireGuard interface? And then configure devices to send packets through their WireGuard interface for specific applications to get synced up?
Thanks for your reply :)
Yeah, when you configure it, you essentially say "all traffic to 1.2.3.0/24 should go through this WireGuard connection". Then, your OS automagically knows "oh, this connection to 1.2.3.4 should go through WireGuard, and I'll handle it like so". You don't have to configure any applications specifically, their network connections just get routed appropriately by your OS.
As a friendly suggestion:
Don't rely on WireGuard alone, try instead services like Tailscale or ZeroTier, because if you set up your server in a residential zone, there is a huge chance that you will hit some CG-NAT in other cities / countries.
Those are nasty problems that WireGuard is not able to solve but those programs can.
Apart from that, this is the zero risk approach and it should be the default one.
Are these all roughly equivalent in security? Or is it a case of some of these being a bit less complex to set up but you sacrifice security? I'll look into these options though. Thank you.
Just in case you never heard of it, there is also the option to use Tailscale. It lets you connect to your services without opening any ports and uses WireGuard under the hood but makes configuration simpler.
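The plain WireGuard setup discussed in the replies above, written out as a pair of wg-quick configuration files (an added example, not posted by anyone in the thread). The keys, the UDP port, the endpoint name and the 10.8.0.0/24 tunnel subnet are placeholders and assumptions; the subnet plays the role of the 1.2.3.0/24 range in the reply.

```ini
# Constructed example: every key, address, port and name below is a placeholder.

# ---- Server (the machine running Baikal): /etc/wireguard/wg0.conf ----
[Interface]
# Address of the server inside the tunnel.
Address = 10.8.0.1/24
# The one port the router forwards (UDP), to the server's LAN address,
# not to 10.8.0.1. The earlier forward for the web port is removed.
ListenPort = 51820
PrivateKey = <server-private-key>

# One [Peer] block per device that is allowed to sync.
[Peer]
# Phone
PublicKey = <phone-public-key>
# Only this tunnel address is accepted from this key.
AllowedIPs = 10.8.0.2/32

[Peer]
# Laptop
PublicKey = <laptop-public-key>
AllowedIPs = 10.8.0.3/32

# ---- Client (the phone): its own wg0.conf ----
[Interface]
Address = 10.8.0.2/32
PrivateKey = <phone-private-key>

[Peer]
PublicKey = <server-public-key>
# Public address of the home connection (assumed reachable, i.e. no CG-NAT).
Endpoint = <home-public-ip-or-ddns-name>:51820
# Split tunnel: only traffic for the tunnel subnet goes through WireGuard;
# everything else keeps using the normal connection.
AllowedIPs = 10.8.0.0/24
# Keeps the NAT mapping alive on mobile networks.
PersistentKeepalive = 25
```

With this in place the calendar client on the phone is pointed at 10.8.0.1 instead of the public address, and packets from any key not listed as a peer are dropped by the server without a reply.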