this post was submitted on 19 Jan 2024
12 points (87.5% liked)

Selfhosted

40173 readers
592 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

ive anabled a port forward on port 80 (TCP/UDP) to my server, but i still cant acess it. i know its unsafe to just open a port like that, this is temporary, just wanna see if it works. ill put a reverse proxt and https on it later

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 18 points 10 months ago* (last edited 9 months ago) (3 children)

I'm kinda weirded out by all the people suggesting a VPN here.

Like -- if you're hosting Nextcloud, Jellyfin, etc and you want friends/family to use it, having them VPN into shit is a hurdle that none of them are going to overcome.

You need to make sure you're not behind CGNAT first, if not, don't use Nextcloud on port 80, put it on another port, and then open that port to the outside world.

Just be aware, you REALLY want these things to be isolated from your home environment if you're going to host them, and you NEED to be on some sort of CVE notification list for the software you currently use. Not all CVEs are "YOU MUST UPGRADE NOW", but some of them can be pretty severe.

I've set up fail2ban on my isolated network, and it does a pretty good job of banning any IPs that are probing for things. So much so that I've accidentally locked myself out of my own network a few times, lol

IF you ARE behind a CGNAT - what you'll want to do is likely rent the cheapest VPS you can find, and then set up a VPN not on the VPS, but on your home network, and have the VPS be your public entry point to the network, as it will have a public facing IP and can mask your home IP address. -- https://github.com/fractalnetworksco/selfhosted-gateway

Edit: THEN - once you've accomplished all that, you'll probably want to buy a domain name, and reverse-proxy subdomains to forward to the services on specific ports.

[–] [email protected] 1 points 9 months ago

having them VPN into shit is a hurdle that none of them are going to overcome.

If you have a lot of people connecting, then that's fair. But setting up a VPN for one or two households isn't hard. Even easier if you use Tailscale (apparently, never tried it myself).

load more comments (2 replies)