Selfhosted

56821 readers

438 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago

MODERATORS

HybridSarcasm@lemmy.world

HybridSarcasm@lemmy.hybridsarcasm.xyz

How do I access my services from outside? (lemmy.world)

submitted 19 hours ago by leaf_skeleton@lemmy.world to c/selfhosted@lemmy.world

29 comments fedilink hide all child comments

Hey all,

I'm setting up a homeserver and trying to figure out the best way to access it remotely. I've been looking at different solutions, but I’m a little stuck.

I’ve been looking at VPNs, but it feels weird, to route everything through my home IP when I’m also trying to use a commercial VPN for privacy / to combat services fingerprinting me based on my IP.

I'm currently considering a reverse proxy setup with an authentication provider like authentik or authelia, but as far as I understand, that wouldn't work well with accessing services through an app on my mobile device (like for jellyfin music for example.) I did think about just opening up the ports and using a DDNS with a reverse proxy, but is'nt that like a big security risk?

Keep in mind I am no network admin, but I don’t have anything against learning if someone can point me in the right direction.

Also I heard some people say that on proxmox you should use unprivileged containers instead of vms for your services, does that hold up?

Any recommendations for tools or approaches?

you are viewing a single comment's thread
view the rest of the comments

[–] wesker@lemmy.sdf.org 25 points 19 hours ago (1 children)

Tailscale's free offering goes a long way.

[–] leaf_skeleton@lemmy.world 8 points 18 hours ago (3 children)

Well, yes I looked at tailscale too, but that would prevent me from using my normal commercial VPN, which I would still like to use. The way I understand it, if I routed my entire network through tailscale to my server, it would essentially make all my internet traffic exit at my server. So, everything would still appear to be coming from my home IP address. I’m trying to get the best of 2 worlds: using the VPN to hide my IP from services that i visit and my ISP, and a secure connection to my home server.

[–] StrawberryPigtails@lemmy.sdf.org 6 points 15 hours ago

Well, yes I looked at tailscale too, but that would prevent me from using my normal commercial VPN

You can split your devices traffic, Tailscale traffic through Tailscale, everything else through your masking VPN.

I’m trying to get the best of 2 worlds: using the VPN to hide my IP from services that i visit and my ISP, and a secure connection to my home server.

For that, what I would do is put the masking VPN (like PIA or whatever) on your router (not all routers can do this) and then have Tailscale on the devices or individual services. In theory, everything would still be able to talk to each other (even if your mobile device is not behind the router), but everything that is behind the router would enter and exit their traffic wherever you have the masking VPN set to. Downside of doing this is that EVERYTHING that is behind that router is also behind that VPN which can cause problems with some services, like banking and streaming.

It would also mean that the only way you could host a public service is to have an external VPS acting as a reverse proxy. Cloudflare might also have something that could work around this setup, but I'm not familiar with their offerings.

This setup also doesn't mask your traffic (origin and destination) from your mobile provider (just your home ISP), but that is a harder nut to crack as they can see, real time, where you are physically, and depending on your device, may have deeper device access anyways. I'm thinking prepaid phones and phones bought from the carrier (at least here in the US) or if your carrier has "asked" you to install an app to manage your account. My assumption is that my mobile provider can see anything I do while I have my phone or tablet with me, and just work around that.

You might want to ask in !privacy@lemmy.ml and !privacy@lemmy.world, as this is more up their alley.

[–] wesker@lemmy.sdf.org 4 points 18 hours ago* (last edited 18 hours ago)

I have all my services spun up in docker containers, which makes it easier to pick and choose which services use Tailscale and which use a VPN. I guess I haven't yet been put in a position where I wanted one to use both.

[–] irmadlad@lemmy.world 3 points 18 hours ago

I’m trying to get the best of 2 worlds: using the VPN to hide my IP from services that i visit and my ISP, and a secure connection to my home server.

How about Cloudflare Tunnels/Zero Trust? The caveat being that you have to own a domain that you can change the nameservers to the ones Cloudflare assigns you. You can purchase a domain from Cloudflare, but I think a lot of people get one from NamesCheap or PorkBun. I purchased on for less than $5 USD. With Cloudflare Tunnels/Zero Trust, you don't have to open ports, fiddle with NAT, or any of that. You install it on your server and it punches a hole in to allow communication.

Some people like Cloudflare, some people don't. Personally, I've never had any issues except for a very brief downtime a while back.