Hi, I’m trying to decide how to handle backups from my laptop when I’m on the go. The options are
1) Install the repository server on a cloud VPS
2) Install the repository server on a Raspberry Pi at home.

For connection I can either
a) Expose the repository server to the internet or
b) Connect via WireGuard VPN.
I guess 1) + a) would be fastest, but I’m not sure if this is safe.
In the docs it says:

> Repository Server should be started on a dedicated server in LAN…

which sounds like exposing the server to the internet is not the recommended usage. In this forum topic someone asked a similar question, but the answers mostly centered around append-only / ACLs.
It would be great if someone knowledgeable who has read or written parts of the repository server code could make a recommendation as to the resilience of the server against attacks when exposed to the internet. I’m not looking for a 100% guarantee, more of “I am competent in server hardening and have looked at large parts of the code and I would feel comfortable exposing it to the internet for my own personal data”.
Thank you!