A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
No low-effort posts. This is subjective and will largely be determined by the community member reports.
Resources:
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
Figured I'd give Netbird a go, glad I did because I can self host extremely easily by using the new services feature.
You specify a subdomain, point to a peer, specify a protocol and port, and you are good. NetBird fetches you the certificate and your site goes live fast.
I can use my Immich with my mobile data now.
Edit: Note that I choose to self host NetBird, and haven't really used the service they provide all that much.
lmao
I'm an oldhead on hosting. I have an semi-old server running in a cabinet in my office space at home, which runs an nginx reverse proxy. My DNS records are maintained on the side of the webhost where I have my domain (and email inbox) registered. These records point directly to my WAN IP, so a lookup of my domain would instantly show my public IP.
I host a couple of services on that server, some for myself, some for friends. One of them is a Jellyfin instance.
I'm a bit lost in the technobabble, would Netbird help me hide my IP from a lookup, and solve things like DDoS protection / AI scraping, without me needing all kinds of wireguard apps etc?
I know its superficial, but I find it important that when I'm visiting my dad's, I can watch a film on the Chromecast from my server, so putting a vpn in front of that would mean to screw with that.
I don't think so in your case. From their docs these features are only available for self hosted instances, so you'd have to host Traefik instead of Nginx and end up with a similar config as your current one.
Netbird/Tailscale are at their heart private LAN that you control that routes over the internet. They have some features on top to make DNS/TLS/Services/Tunneling easier. OP is using a service to allow external access to a host on their LAN.
If you wanted to hide your home IP you could either use something like Defelct or Cloudflare as a reverse proxy, or host your own reverse proxy on a cloud provider (either Nginx like you currently are, or Netbird's reverse proxy UI) and proxy it back to your local server over something like Netbird/Tailscale.
DDOS/Scraping protection would depend on the method you choose.
I love to hear about a Canadian alternative.
I am currently using Traefik with rathole to expose services which do not have a public available port. It seems netbird has a nice gui, but is not able Todo advanced reverse prox configs based on path, headers, etc...
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:
| Fewer Letters | More Letters |
|---|---|
| DNS | Domain Name Service/System |
| HTTP | Hypertext Transfer Protocol, the Web |
| IP | Internet Protocol |
| SSL | Secure Sockets Layer, for transparent encryption |
| TLS | Transport Layer Security, supersedes SSL |
| VPN | Virtual Private Network |
| VPS | Virtual Private Server (opposed to shared hosting) |
| nginx | Popular HTTP server |
8 acronyms in this thread; the most compressed thread commented on today has 18 acronyms.
[Thread #143 for this comm, first seen 7th Mar 2026, 07:40] [FAQ] [Full list] [Contact] [Source code]
Where is this hosted? What jurisdiction is netbird in?
Netbird is a European company headquartered in Berlin. It's fully FOSS and you can self-host the entire stack, unlike Tailscale which relies on a third party implementation.
There's a script on their github that makes setup super easy.
That said, I've no idea where their servers are, if you opt to use their servers instead of hosting your own.
Edit: oh yeah, they also have a YouTube channel with updates and guides.
It seems similar in purpose to pangolin, how do they differ?
Never used Pangolin, so I've no idea. Sorry.
Had the same question since I am running pangolin
https://netbird.io/knowledge-hub/netbird-vs-pangolin
Network architecture
I've been using Pangolin since it came out ... to make my services available without opening ports, but I also use Netbird for VPN access.
Is their DNS forwarding "resources" stable? Last I heard it was in beta only ... if I can eliminate one more piece of software that I have to admin and maintain, that'd be great.
I tested pangolin to replace wireguard on my VPS but the problem with pangolin is that is not designed to allow external devices like a mobiles is more about to connect sites.
Tried netbird and is a great piece of software tons of options and with the new added reverse proxy is the perfect replacement for wireguard my only turn down was that exposing services unlike pangolin that let you have link like service1.domain.com in netbird is service1.proxy.example.com.
Thats an interesting limitation, so netbird has to use the "site" as part of the URL for resources? can you pick the name? or is it dynamicaly generated?
Yes, you can pick the name.
I use both. Pangolin for anything that absolutely requires an external connection, netbird for internal.
What’s the advantage of this over cloudflare and a reverse proxy? It does the certificate management for you as well?
Not routing all your unencrypted traffic through a company located in an dictatorship
So? It's just a reverse proxy?
Then it doesnt solve the purpose of Cloudflare which also has WAF.
And that can (for example) be done with CrowdSec.
Crowdsec is OSS, but probably not fully autonomous because it needs the hivemind to really work it's intended purpose.
Other than that it's a fancy fail2ban.
Thus I need to ask: What does Netbird better?
Independence since no cloud flare
Streamlining mostly.
Replaced a self hosted Wireguard/OVPN setup that was used to navigate corporate/public networks with Netbird a few months ago and haven't looked back. Never having hosted Tailscale, I am impressed with the flexibility and routing an overlay VPN offers, particularly with Netbird's management UI. The project itself seems well maintained and the team regularly adds new features, many of which I have not bothered to explore yet.
Give it a go I say.
I've been looking at this. I'm currently hosting headacale which is super easy and nice. I might give this a try I just need to get over the hurdle of adapting this to work with podman like I have with headscale. Anybody else running this via podman quadlets?
This is interesting. I'm excited to hear more about NetBird.
if you're only hosting Immich for yourself, it might be better to look into setting up internal VPN only access to it for remote connection.
Netbird is an relay VPN at heart. The machines you connect called "peers" communicate with eachother like it's one network. I could access my servers from anywhere else and it would connect provided I have the client on and connected.
When you register a peer by installing the client, the device gets a NetBird IP and domain that other peers in the network can access. The communication between the peers is end to end encrypted and if you access them with the provided Netbird IP or domain via HTTP, the packets in wireshark can not be read. From my testing it seems to be quite good.
The reverse proxy service feature is the way you can make something openly accessable without the end user needing to install a client. You specify the protocol, destination and port and you are set. The only downside is you need two domains, one for management and the other for proxying. You also need to set CNAME records right for the SSL certs to work.
My friend who has little self hosting experience was able to quickly get his Jellyfin up within a few minutes. NetBird deals with the cert for you in the background when you make the service. After a few seconds, the service is live and accessable
Is it identical to Tailscale?
Sounds like those solutions.
Essentially a reverse proxy and vpn client.
Shout-out for pangolin. Betbird looks interesting too!
I just looked it up and pangolin is based in the us. Since it's selfhosted the impact is little but if a government turns bad (and theirs has) it poses a risk. Even if it's open source I don't read the code and verify every update. Hmm
It’s great. And I hope it will last as it is as long as possible.
I really wanted to keep it after deciding to switch from Tailscale, but it's mobile app is draining my phone's battery. It also disconnects without automatically reconnect. Now, I'm in the process of setting OpenZiti up.
How's your experience with NetBird's mobile app?
just curious, why move away from tailscale?
Because the main reason I'm self-hosting is to have control over my data. This includes a lot of metadata about my infra/services/devices which Tailscale is uploading all the time to their servers. Besides that, they're on the Enshitification road, which made me to search for 100% self-hosted alternatives. And yes, I'm going for EU based companies when it's a viable option.
You can self host the Tailscale server via Headscale.
This includes a lot of metadata about my infra/services/devices which Tailscale is uploading all the time to their servers
You gave away your metadata getting on the internet today. I like controlling my data as well, however I realize that certain compromises just have to be made in order to continue to live in a global, civilized, society.
While I agree with You that there is always a compromise regarding privacy and participation. But you can always take steps to reduce that delta between reality and ideal by optimizing things.
Most likely three causes: U, S and A.
Didn't downvote you, and I get what you are saying, but in another way I don't. What makes every other country safer? Nothing that would happen here in the USA couldn't happen or is happening in any other country. Oh, and this has nothing to do with people trash talking the US. I do it every day I'm awake. However, for those who go with this line of thought, I honestly want to know what you think Tailscale is going to do with your encrypted traffic? Because the day the world finds out that America has cracked strong ciphers, is the day you are going to see a lot of panic and movement on this planet. And I would certainly love to make that announcement. It'll be my going out 15 minutes of fame.
You are comparing something that could happen, to something that is already happening, though. Of course people will take stance.
A lot of people are boycotting as many things from the U.S. as they can because of the warmongering paedophile, and his cadre of paedo crooks.
It's not exactly exciting to buy into products when you have that stinky orange mess breathing down your neck about how he's going to invade your continent and annex countries.
I am one of them. I am from Italy and simply do not want to support any US-based company any more, independently from their own stance on anything.
Aye, same. I'm Swedish. Not thrilled about the U.S. threatening to invade Greenland, or kidnapping heads of state. Denmark has been sucking up to the U.S. a lot through the years which goes to show that you can't trust the U.S., ever.
It’s not exactly exciting to buy into products when you have that stinky orange mess breathing down your neck about how he’s going to invade your continent and annex countries.
He does like to spread fear and doubt. That's one of his specialties. Yeah, countries enshitify too. LOL I can understand the sentiment you just expressed rather than the standard 'Tailscale metadata'. But if you want to take care of stinky orange man, you and your country will have to stand up to him. I'm doing the best I can from this end. LOL
Absolutely necessary to do more than voting with your wallet. Fascism is on the rise everywhere and we as societies need to actively engage with it and provide working alternative structures to prevent people to be drawn towards it.
Yeah, and looking at the history, unfortunately the end game is always violence. But we are nowhere near that yet, so sadly things are going to go where they are going for a while still.
I applied to work for them. Insta-rejected :/
Must be amazing