A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
No low-effort posts. This is subjective and will largely be determined by the community member reports.
Resources:
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
Figured I'd give Netbird a go, glad I did because I can self host extremely easily by using the new services feature.
You specify a subdomain, point to a peer, specify a protocol and port, and you are good. NetBird fetches you the certificate and your site goes live fast.
I can use my Immich with my mobile data now.
Edit: Note that I choose to self host NetBird, and haven't really used the service they provide all that much.
Where is this hosted? What jurisdiction is netbird in?
Netbird is a European company headquartered in Berlin. It's fully FOSS and you can self-host the entire stack, unlike Tailscale which relies on a third party implementation.
There's a script on their github that makes setup super easy.
That said, I've no idea where their servers are, if you opt to use their servers instead of hosting your own.
Edit: oh yeah, they also have a YouTube channel with updates and guides.
It seems similar in purpose to pangolin, how do they differ?
Had the same question since I am running pangolin
https://netbird.io/knowledge-hub/netbird-vs-pangolin
Network architecture
Never used Pangolin, so I've no idea. Sorry.
I love to hear about a Canadian alternative.
Detect is way too expensive because of the amount of unique visitors you get. When you federate and post, you'll see your unique visitors climb fast.
Lemmy.ca gets it free I think because they are a non profit and deflect is being generous.
What’s the advantage of this over cloudflare and a reverse proxy? It does the certificate management for you as well?
Not routing all your unencrypted traffic through a company located in an dictatorship
So? It's just a reverse proxy?
Then it doesnt solve the purpose of Cloudflare which also has WAF.
And that can (for example) be done with CrowdSec.
Crowdsec is OSS, but probably not fully autonomous because it needs the hivemind to really work it's intended purpose.
Other than that it's a fancy fail2ban.
Thus I need to ask: What does Netbird better?
Independence since no cloud flare
Streamlining mostly.
Replaced a self hosted Wireguard/OVPN setup that was used to navigate corporate/public networks with Netbird a few months ago and haven't looked back. Never having hosted Tailscale, I am impressed with the flexibility and routing an overlay VPN offers, particularly with Netbird's management UI. The project itself seems well maintained and the team regularly adds new features, many of which I have not bothered to explore yet.
Give it a go I say.
I've been using Pangolin since it came out ... to make my services available without opening ports, but I also use Netbird for VPN access.
Is their DNS forwarding "resources" stable? Last I heard it was in beta only ... if I can eliminate one more piece of software that I have to admin and maintain, that'd be great.
I tested pangolin to replace wireguard on my VPS but the problem with pangolin is that is not designed to allow external devices like a mobiles is more about to connect sites.
Tried netbird and is a great piece of software tons of options and with the new added reverse proxy is the perfect replacement for wireguard my only turn down was that exposing services unlike pangolin that let you have link like service1.domain.com in netbird is service1.proxy.example.com.
Thats an interesting limitation, so netbird has to use the "site" as part of the URL for resources? can you pick the name? or is it dynamicaly generated?
Yes, you can pick the name.
I use both. Pangolin for anything that absolutely requires an external connection, netbird for internal.
I'm an oldhead on hosting. I have an semi-old server running in a cabinet in my office space at home, which runs an nginx reverse proxy. My DNS records are maintained on the side of the webhost where I have my domain (and email inbox) registered. These records point directly to my WAN IP, so a lookup of my domain would instantly show my public IP.
I host a couple of services on that server, some for myself, some for friends. One of them is a Jellyfin instance.
I'm a bit lost in the technobabble, would Netbird help me hide my IP from a lookup, and solve things like DDoS protection / AI scraping, without me needing all kinds of wireguard apps etc?
I know its superficial, but I find it important that when I'm visiting my dad's, I can watch a film on the Chromecast from my server, so putting a vpn in front of that would mean to screw with that.
I don't think so in your case. From their docs these features are only available for self hosted instances, so you'd have to host Traefik instead of Nginx and end up with a similar config as your current one.
Netbird/Tailscale are at their heart private LAN that you control that routes over the internet. They have some features on top to make DNS/TLS/Services/Tunneling easier. OP is using a service to allow external access to a host on their LAN.
If you wanted to hide your home IP you could either use something like Defelct or Cloudflare as a reverse proxy, or host your own reverse proxy on a cloud provider (either Nginx like you currently are, or Netbird's reverse proxy UI) and proxy it back to your local server over something like Netbird/Tailscale.
DDOS/Scraping protection would depend on the method you choose.
Shout-out for pangolin. Betbird looks interesting too!
I just looked it up and pangolin is based in the us. Since it's selfhosted the impact is little but if a government turns bad (and theirs has) it poses a risk. Even if it's open source I don't read the code and verify every update. Hmm
It’s great. And I hope it will last as it is as long as possible.
I applied to work for them. Insta-rejected :/
Must be amazing
I really wanted to keep it after deciding to switch from Tailscale, but it's mobile app is draining my phone's battery. It also disconnects without automatically reconnect. Now, I'm in the process of setting OpenZiti up.
How's your experience with NetBird's mobile app?
There is an alternative unofficial app available on F-Droid called JetBird.
It is as valid as the official one.
To reduce battery usage, you may want to try Netbird's Lazy Connections feature.
just curious, why move away from tailscale?
Because the main reason I'm self-hosting is to have control over my data. This includes a lot of metadata about my infra/services/devices which Tailscale is uploading all the time to their servers. Besides that, they're on the Enshitification road, which made me to search for 100% self-hosted alternatives. And yes, I'm going for EU based companies when it's a viable option.
You can self host the Tailscale server via Headscale.
This includes a lot of metadata about my infra/services/devices which Tailscale is uploading all the time to their servers
You gave away your metadata getting on the internet today. I like controlling my data as well, however I realize that certain compromises just have to be made in order to continue to live in a global, civilized, society.
While I agree with You that there is always a compromise regarding privacy and participation. But you can always take steps to reduce that delta between reality and ideal by optimizing things.
I've been looking at this. I'm currently hosting headacale which is super easy and nice. I might give this a try I just need to get over the hurdle of adapting this to work with podman like I have with headscale. Anybody else running this via podman quadlets?
lmao
This is interesting. I'm excited to hear more about NetBird.
if you're only hosting Immich for yourself, it might be better to look into setting up internal VPN only access to it for remote connection.
Netbird is an relay VPN at heart. The machines you connect called "peers" communicate with eachother like it's one network. I could access my servers from anywhere else and it would connect provided I have the client on and connected.
When you register a peer by installing the client, the device gets a NetBird IP and domain that other peers in the network can access. The communication between the peers is end to end encrypted and if you access them with the provided Netbird IP or domain via HTTP, the packets in wireshark can not be read. From my testing it seems to be quite good.
The reverse proxy service feature is the way you can make something openly accessable without the end user needing to install a client. You specify the protocol, destination and port and you are set. The only downside is you need two domains, one for management and the other for proxying. You also need to set CNAME records right for the SSL certs to work.
My friend who has little self hosting experience was able to quickly get his Jellyfin up within a few minutes. NetBird deals with the cert for you in the background when you make the service. After a few seconds, the service is live and accessable
Is it identical to Tailscale?
Sounds like those solutions.
Essentially a reverse proxy and vpn client.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:
| Fewer Letters | More Letters |
|---|---|
| DNS | Domain Name Service/System |
| HTTP | Hypertext Transfer Protocol, the Web |
| IP | Internet Protocol |
| SSL | Secure Sockets Layer, for transparent encryption |
| TLS | Transport Layer Security, supersedes SSL |
| VPN | Virtual Private Network |
| VPS | Virtual Private Server (opposed to shared hosting) |
| nginx | Popular HTTP server |
8 acronyms in this thread; the most compressed thread commented on today has 5 acronyms.
[Thread #143 for this comm, first seen 7th Mar 2026, 07:40] [FAQ] [Full list] [Contact] [Source code]
I am currently using Traefik with rathole to expose services which do not have a public available port. It seems netbird has a nice gui, but is not able Todo advanced reverse prox configs based on path, headers, etc...