I dunno why but I’m worried that casaos is holding me back from doing greater things I guess? I’m pretty new to self hosting and I discovered casaos from a Minecraft server setup tutorial of all things and it’s been great for me so far and does pretty much everything I need it to do, but I feel like I don’t really have a full understanding of what I can do outside of it, and I don’t really hear many people talk about casaos so I’m like worried it’s just not very good I guess? I’m just looking for ways to improve really.
For reference I just use my server for Minecraft on the occasion, a self hosted obsidian live sync, adguard, and in the future plan on hosting nextcloud. Casaos seems great for that and maybe it’s perfectly fine but I’d just be interested in being more knowledgeable I guess, and aware of any ways to improve.
Serious question: last I looked at casaOS (because I liked the hardware), they had SSH open and accessible to default passwords by default. This scared me off hard.
Is this still a thing/are there other glaring security holes?
I don’t know if they changed it by now, but unRAID was the same when I tested it back in 2019. I wish they did things differently but both are products designed to be deployed and ran by hobbyists in a local network, so it makes somewhat sense.
I could get the “default” to facilitate setup, but as far as I’m concerned it’s seriously fucked not to have the first step of your script be replacing it with the user’s own choices. It’s really hard for me to trust the security as a whole of a project that does that by default, especially because it’s intended to be for inexperienced users and there was no indication during the setup process or other included information that that was the case.