this post was submitted on 21 Jul 2025
109 points (96.6% liked)

Selfhosted

53179 readers
1274 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
109
What are your VPN recommendations for accessing self-hosted applications from the outside? (sh.itjust.works)
submitted 4 months ago by waterproof@sh.itjust.works to c/selfhosted@lemmy.world
78 comments fedilink hide all child comments
 

Hello,

Some time ago, I started self-hosting applications, but only on my local network. So far, it's working fine, but I can't access them as soon as I go outside (which is completely normal).

For the past few days I've been looking for a relatively secure way of accessing my applications from outside.

I don't need anyone but myself to have access to my applications, so from what I've understood, it's not necessarily useful to set up a reverse-proxy in that case and it would be simpler to set up a VPN.

From what I've seen, Wireguard seems to be a good option. At first glance, I'd have to install it on the machine containing my applications, port-forward the Wireguard listening port and configure my other devices to access this machine through Wireguard

However, I don't have enough hindsight to know whether this is a sufficient layer of security to at least prevent bots from accessing my data or compromising my machine.

I've also seen Wireguard-based solutions like Tailscale or Netbird that seem to make configuration easier, but I have a hard time knowing if it would really be useful in my case (and I don't really get what else they are doing despite simplifying the setup).

Do you have any opinions on this? Are there any obvious security holes in what I've said? Is setting up a VPN really the solution in my case?

Thanks in advance for your answers!

(page 2) 29 comments
sorted by: hot top controversial new old
[–] hperrin@lemmy.ca 2 points 4 months ago

I use OpenVPN. It’s pretty easy. You set it up with docker, download the client.ovpn file, then turn off port 80 (only needed for downloading that file). Now you can take that file and use it all of your devices to connect.

[–] BCsven@lemmy.ca 2 points 4 months ago

Tailscale is great in that config is super simple. Downsides tailscale ssh has to be called at launch if you want ssh access over that network... Could be a benefit for security...however its a tailscale specific ssh and not everything is available.
Data servers moved to the USA a few ears back.

Wireguard is more setup, but a better (self host option ). There is also Headscale if you want to selfhost a tailscale type server

[–] ZeldaFreak@lemmy.world 2 points 4 months ago

I do have both (VPN and Reverse Proxy) running. For VPN my router uses Wireguard and at work we use Wireguard as well. You can alter the config in such a way, that only internal traffic would get routed through your VPN. I love this, because for regular traffic, I'm not bound to the upload at my home network or with work, route my personal traffic through the company internet or lose access to my own network.

Reverse proxy isn't bad either. I have a DNS running at home, that redirects my domain used for home stuff, directly to the reverse proxy. This way I can block certain stuff, I want a fancy domain but not be accessed from the outside, because its not needed or not set up properly.

With a VPN, you would be more secure, because its a single instance you need to keep safe. With regular updates and set up properly, this shouldn't be an issue. But I would suggest reading tech news portals, that do cover security breaches of well known software.

With a reverse proxy setup I use, I must trust so many things. I must trust my reverse proxy with the firewall and then each server I run.

But keep one thing in mind. If you for example use stuff like Home Assistant, that you access in the background, it wouldn't work if you connect via a VPN. With Wireguard I can be connected 24/7 to my VPN, even at home. With the previous VPN my router used (I guess it was OpenVPN), this wasn't possible.

[–] Itdidnttrickledown@lemmy.world 2 points 4 months ago

I run pfsense as my router on a small form factor PC with two Ethernet cards. I run Wireguard which is pretty easy to setup in pfsense. I have the client installed on my PC at work and my mobile devices. I'm never more than a click from being connected to my home network.

In the past I used ssh tunnels with port forwards to the services I wanted to access remotely.

[–] sixty@sh.itjust.works 1 points 3 months ago

Could any pros here give me a quick rundown of how setting up a VPN compares to a reverse proxy?

[–] UltraMagnus0001@lemmy.world -3 points 4 months ago (2 children)

My Asus router has a a few nice ones

[–] UltraMagnus0001@lemmy.world 1 points 4 months ago
  • pretty much any modern asus routers with a mesh setup and if you run merlin it has more security features.
load more comments (1 replies)
load more comments
view more: ‹ prev next ›