Reason for my question is the following:
I want to host some services on my public server and while they all have normal password protection, I want to ensure the security a tiny bit more. Therefore I want to limit the access to the specific services through ufw and nginx to specific IP addresses. For my homeaddress I can use DYNDNS to get my current IP. However that will not work for my phone, when I’m on the go.
I don’t want to constantly use vpn, as it slows down the speed of the internet connection significantly. Instead I would much prefer to just simply keep my server updated on my phones IP, so I can update the necessary config files through a script and thus allow my phone to access the services, where ever I am.

  • ozjd@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    The best option would be to have a DynDNS client on your phone (which your server can check) for what you want.

    However, the reason VPN exists and is popular is because it works with the required security. Trusting an IP address alone leaves yourself open to abuse from another user at your ISP, your ISP, or even simply someone sending you a link to a specially crafted webpage which contains some HTTP requests, etc.

    Ironically, allowing the phone to send it’s IP address to your home server opens up the whole network to abuse, as the update would need to be allowed from an IP address that’s not already known.

    There’s a reason we don’t use security by obscurity.