Selfhosted

56821 readers

541 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago

MODERATORS

HybridSarcasm@lemmy.world

HybridSarcasm@lemmy.hybridsarcasm.xyz

How do I access my services from outside? (lemmy.world)

submitted 23 hours ago by leaf_skeleton@lemmy.world to c/selfhosted@lemmy.world

35 comments fedilink hide all child comments

Hey all,

I'm setting up a homeserver and trying to figure out the best way to access it remotely. I've been looking at different solutions, but I’m a little stuck.

I’ve been looking at VPNs, but it feels weird, to route everything through my home IP when I’m also trying to use a commercial VPN for privacy / to combat services fingerprinting me based on my IP.

I'm currently considering a reverse proxy setup with an authentication provider like authentik or authelia, but as far as I understand, that wouldn't work well with accessing services through an app on my mobile device (like for jellyfin music for example.) I did think about just opening up the ports and using a DDNS with a reverse proxy, but is'nt that like a big security risk?

Keep in mind I am no network admin, but I don’t have anything against learning if someone can point me in the right direction.

Also I heard some people say that on proxmox you should use unprivileged containers instead of vms for your services, does that hold up?

Any recommendations for tools or approaches?

you are viewing a single comment's thread
view the rest of the comments

[–] EntropyPure@lemmy.world 10 points 19 hours ago (1 children)

Cloudflare Tunnels work great and are really easy to setup. Plus you are not exposing you machine completely to the outside, as the cloudflared service/container „calls out“, and Cloudflare is your reverse proxy. Downside is, you’re binding yourself to one of the US hyperscalers.

Pangolin uses the same principle, but is a bit more challenging to setup. Plus you need some kind of cloud server to make it work.

As you already have a VPN active at all times (at least it sounds like that), a VPN home seems out of the picture.

Unless you have a dedicated firewall at home, maybe reconsider the reverse proxy route. Personally would not feel comfortable with exposing a machine at home to the internet in full without a handle on what it can do or how it may be reached.

[–] irmadlad@lemmy.world 3 points 19 hours ago (1 children)

As you already have a VPN active at all times (at least it sounds like that), a VPN home seems out of the picture.

Expand on that, if you would. I run local VPN and everything else through Cloudflare. In fact the VPN DNS is Cloudflare as well as the stand alone pFsense firewall. Perhaps I am misunderstanding, which is likely since I'm all drugged up trying to pass a kidney stone.

[–] EntropyPure@lemmy.world 4 points 17 hours ago (2 children)

Well, not every system can handle or support multiple VPN connections with different providers, or the VPNs could interfere with each other. E.g. when using Tailscale you can not use another WireGuard based VPN according to their FAQs.

Also, it adds complexity to the stack and system as a whole on the client side. That is all fine and dandy as long as it works, but quickly a pain in the butt once you have to debug something.

[–] fuckwit_mcbumcrumble@lemmy.dbzer0.com 1 points 13 hours ago

Wireguard + OpenVPN works well for me.

OpenVPN fully supports multiple simultaneous connections. But Wireguard is such a pain in the ass with this. But Wireguard dgaf about OpenVPN connections.

[–] irmadlad@lemmy.world 2 points 17 hours ago

when using Tailscale you can not use another WireGuard based VPN according to their FAQs.

Anecdotally, if I turn off the Advanced killswitch and The VPN killswitch of my main VPN, I can actually bring up Tailscale. But you are right, it does add complexity. Basically I use Tailscale on the server and pFsense firewall as an overlay VPN. It's also handy if you lock yourself out of the server. A 'backdoor' of sorts.