this post was submitted on 26 Feb 2024
105 points (96.5% liked)

Selfhosted

[–] brayd@discuss.tchncs.de 17 points 10 months ago (2 children)

I had everything behind my LAN, but published things like Nextcloud to the outside after finally figuring out how to do that even without a public IPv4 (being behind DS-Lite by my provider).

I knew about Cloudflare Tunnels but I didn't want to route my stuff through their service. And using Immich through their tunnel would be very slow.

I finally figured out how to publish my stuff using an external VPS that's doing several things:

  • being an OpenVPN server
  • being a cert server for OpenVPN certs
  • being a reverse proxy using nginx with certbot

Then my servers at home just connect to the VPS as VPN clients so there's a direct tunnel between the VPS and the home servers.

Now when I have an app running on 8080 on my home server, I can set up nginx so that the domain points to the VPS public IPv4 and IPv6 and that one routes the traffic through the VPN tunnel to the home server and its port using the IPv4 of the VPN tunnel. The clients are configured to have a static IPv4 inside the VPN tunnel when connecting to the VPN server.

Took me several years to figure out but resolved all my issues.
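
A sketch of the VPS-side nginx configuration for the setup described in the comment above, added here as an illustration and not taken from the commenter's own files. The domain `app.example.com`, the tunnel address `10.8.0.10`, and the file paths are assumptions; the port 8080 is the one mentioned in the comment.

```nginx
# /etc/nginx/conf.d/app.example.com.conf on the VPS (placeholder domain).
#
# Assumption: the OpenVPN server pins the home server to a fixed tunnel
# address, e.g. server.conf has
#     topology subnet
#     client-config-dir /etc/openvpn/ccd
# and /etc/openvpn/ccd/<client certificate CN> contains
#     ifconfig-push 10.8.0.10 255.255.255.0

# Plain HTTP on the public IPv4 and IPv6 addresses only redirects to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name app.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name app.example.com;

    # Certificate issued by certbot on the VPS, so TLS terminates here.
    ssl_certificate     /etc/letsencrypt/live/app.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/app.example.com/privkey.pem;

    location / {
        # The upstream is the home server's static address inside the VPN.
        # This leg is HTTP, carried inside the encrypted OpenVPN tunnel.
        proxy_pass http://10.8.0.10:8080;

        # Pass the original host, client address and scheme to the app so
        # its logs and generated URLs reflect the real request.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket upgrade support for apps that need it.
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
```

On the home server, binding the app to the tunnel interface address (or firewalling port 8080 so only the VPS's tunnel address can reach it) keeps the unencrypted upstream port off the rest of the network.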

[–] llii@feddit.de 4 points 10 months ago (1 children)

What benefit does it have instead of getting a dynamic DNS entry and port forwarding on your internet connection?

[–] brayd@discuss.tchncs.de 11 points 10 months ago (1 children)

With DS-Lite you don't have a public IPv4. Not a static one but also not a dynamic one. The ISP just gives you a public IPv6. You share your IPv4 address with other users. This is done to use less IPv4s. But not having a dynamic IPv4 causes you to be unable to use DynDNS etc. It's simply not possible.

You could publish your stuff via IPv6 only but good luck accessing it from a network without IPv6.

You could also spin up tunnels with SSH actually between a public server and the private one (yes SSH can do stuff like that) but that's very hard to manage with many services so you're better off building a setup like mine.

https://www.juniper.net/documentation/us/en/software/junos/nat/topics/topic-map/security-ipv6-dual-stack-lite.html

[–] llii@feddit.de 3 points 10 months ago

Thanks for the great explanation!

[–] MigratingtoLemmy@lemmy.world 2 points 10 months ago

I'm interested in why you're terminating TLS on your VPS instead of doing it on your home network