I self-host a couple of services, but I haven’t exposed anything outside my home network. I want to self-host my calendar, but not sure if I can do it without exposing it. Any recommendations on the best way to go about this? For those who do self-host a calendar service, how do you keep it secure?
mTLS with a reverse proxy!
What caldav clients supports that?
I’d recommend the Tailscale style approach. MTLS is a pain imo without infrastructure and especially on the app layers
This is the first time I’ve heard of mTLS. Sounds interesting, any tutorial recs?
Not any in particular but mTLS is essentially just a reverse proxy (like nginx) asking a client for a certificate to be able to access the service behind it.
There are quite a few guides out there, so choose one for your reverse proxy of choice!
So it’s the good old client certificate authentication?
yep
In my opinion it’s the best solution because there’s a really low attack surface plus it makes it easy to control which device has access to which services.