• 1 Post
  • 8 Comments
Joined 1 year ago
cake
Cake day: June 13th, 2023

help-circle



  • Yeah, they provide a “Flow” section where you can setup firewall-like rules to control your flow of traffic. You can configure rules that say, allow ssh to a specific server, but only from a specified devices, while allowing ssh, https and smb to another server from any device, blocking all other TCP traffic. UDP is a little weirder to control, but there’s a decent tutorial with example configs.

    I hear about TailScale a lot, and I know its super popular in the self-hosting & linux communities. I haven’t used it myself though, so can’t offer a comparison vs ZeroTier. I found ZeroTier refreshjngly easy to use and install on client devices, so haven’t had reason to look elsewhere yet.

    Anyway, have fun with your endeavor!


  • I just finished building a cloud solution leveraging an AWS EFS (elastic file system), a secure ZeroTier mesh, and a simple EC2 instance (vm) running Samba (or just sshfs/scp/sftp if multi-user file locking isn’t needed). EFS does have some pretty big limitations like the fact users can’t be in more than 16 groups (because it behaves like an NFS mount), and it lacks xattr and ACL support. Still, if you can work around these shortcomings you can build a very secure, surprisingly speedy cloud filesystem. Largest expense is the EFS, but after 30 days infrequently accessed files automatically move to slower storage, which is way cheaper. ZeroTier is an important piece of the puzzle, making your security and encryption a breeze. This allows you to run SMB over the internet without actually exposing any services. Connections are only made through your ZT mesh, which is highly secure.