this post was submitted on 14 Jun 2023
14 points (100.0% liked)

Selfhosted

40246 readers
1158 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

Hey lemmings, I was wondering not just what you are using foe documents, but how you go about securing them.

Right now I am simply running paperless-ngx on a LUKS encrypted drive with all of my other data, permissions so only docker can access it, and running it through my reverse proxy with authelia in front of the paperless authentication for 2 factor.

I have sensitive documents like house sale documents and pay slips on there. I want to keep it publically exposed for my work documents (we have to submit documentation of different tickets and invoices for personal things to get repaid), but I am worried about the security aspect of it.

I figure data-at-rest encryption is useless because if a bad actor gets in to my server, they could get it all from memory anyway, but I wonder if specifically I should make that 1 docker image only accessible by VPN or something like that? Any recommendations on how to secure documents like that while still having them accessible?

you are viewing a single comment's thread
view the rest of the comments
[–] 100beep@lemmygrad.ml 1 points 1 year ago

Once I have any sensitive documents I need to store, I'm putting them in a safe with a self-destruct. Much more limited access.