Maybe it’s my fault for posting this in selfhosted. My question was of a more generic nature about security and privacy in general. You’re right, r/privacy might be a better sub for this conversation.
In my case my reverse proxy (nginx) runs on the same machine as my backend. In fact nginx also serves all static data with the backend only serving api requests.
No worries, it’s just not a useful post for this group, most know the “risks” :-)
OP, what you’re describing is not the “big scary MITM” attack vector. It’s how TLS/Reverse proxies work. Whether you are using Cloudflare or hosting your own reverse proxy somewhere with full control, it’s still terminating TLS at the endpoint and passing back traffic in the clear to the backend.
Some people like Cloudflare for whatever reasons, and that’s okay. I host my own reverse proxy out on a VPS and it works just fine.
You’ll find that not all of the seflhosted community is super-focused on privacy as say r/privacy is.
At this point just get an external with bit locker as save all your backups. Thats a start. Then redundant storage.
I’m grabbing some easystores now.
Work on your NAS immediately after.
I do like the idea of having 2x2bay Synology NAS so I can do replication. It covers many use-cases without being too complicated.
Get rid of the roommate she’s an OP 🤣
I pay very little rent here, I’ll call it a cost of doing life business :-)
This is really responsive, do you have a github link so we can try to self-host this?
I was never radicalized myself. I’ve always self-hosted. I spent time in centralized ecosystems like most here, but ultimately I still self-host because I like to have some level of control