this post was submitted on 04 Dec 2024
21 points (95.7% liked)
Selfhosted
60409 readers
464 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil.
-
No spam.
-
Posts are to be related to self-hosting.
-
Don't duplicate the full text of your blog or readme if you're providing a link.
-
Submission headline should match the article title.
-
No trolling.
-
Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Looks cool, what about security? Since you’re experienced with it, how does it access the information of the nodes and how secure or insecure that may be? At the end of the day I don’t want to open a port on all nodes just to have it be used as root access to those machines…
https://guide.munin-monitoring.org/en/latest/tutorial/getting-started.html#adding-a-node
Yeah, I was typing that on the phone... thanks for the link:
So, I guess the best approach is to just run it inside a management network / internal VPN to avoid exposing the port to the internet.
You could add encryption and authentication via ssh: https://guide.munin-monitoring.org/en/latest/example/transport/ssh.html or you could put it behind an nginx and wrap it in tls if you just want encryption.