We install Debian, Docker, Immich, and even Nextcloud and run a tiny self-hosted virtual Homelab. 0:00 Intro 0:30 Virtual Machine Setup 5:11 First Boot 5:45 SSH Login 6:35 Docker without Sudo 8:06 ...
And I kinda don’t want to know if complex passwords and low retries before an account gets locked out are enough.
I’ve created a custom cert that I verify within my nginx proxy using ssl_client_certificate and ssl_verify_client on. I got that cert on every device I use in the browser storage, additionally on a USB stick on my keychain in case I’m on a foreign or new machine. That is so much easier that bothering with passwords and the likes, and it’s infinitely more secure.
Still feels like I’m doing too little, but kinda hate 2fa.
And I kinda don’t want to know if complex passwords and low retries before an account gets locked out are enough.
I’ve created a custom cert that I verify within my nginx proxy using
ssl_client_certificateandssl_verify_client on. I got that cert on every device I use in the browser storage, additionally on a USB stick on my keychain in case I’m on a foreign or new machine. That is so much easier that bothering with passwords and the likes, and it’s infinitely more secure.