I self-host a couple of services, but I haven’t exposed anything outside my home network. I want to self-host my calendar, but not sure if I can do it without exposing it. Any recommendations on the best way to go about this? For those who do self-host a calendar service, how do you keep it secure?
mTLS with a reverse proxy!
This is the first time I’ve heard of mTLS. Sounds interesting, any tutorial recs?
Not any in particular but mTLS is essentially just a reverse proxy (like nginx) asking a client for a certificate to be able to access the service behind it.
There are quite a few guides out there, so choose one for your reverse proxy of choice!
What caldav clients supports that?
I’d recommend the Tailscale style approach. MTLS is a pain imo without infrastructure and especially on the app layers
Tailscale is simpler but when you’re accessing from devices behind VPNs like I do mTLS is a lifesaver.
I use DAVx⁵ for caldav (supports mTLS)
I find mTLS cool too :P
In terms of being a pain it’s not that bad with nginx in my opinion. I can just build my own certificate for each service I expose or you use a common one, giving read only access to the key for my nginx containers and in two lines in the .conf it’s sorted.