this post was submitted on 28 Oct 2024
42 points (97.7% liked)

Selfhosted

39824 readers
664 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
42
Ditching the VPN and port forwarding the selfhosted way (lemmy.ml)
submitted 8 hours ago by ntn888@lemmy.ml to c/selfhosted@lemmy.world
11 comments fedilink hide all child comments
 

For folks that are unable to port forward on the local router (eg CGNAT) I made this post on doing it via a VPS. I've scoured the internet and didn't find a complete guide.

top 11 comments
sorted by: hot top controversial new old
[–] SexualPolytope@lemmy.sdf.org 1 points 3 hours ago* (last edited 3 hours ago) (1 children)

Hey, great post. I have one request. Can you maybe add some description for what the iptables entries do? I have a similar setup with a lot less iptables rules that works well for me. But I'm not an expert in networking, and am now worried that I might be missing something that can leak my home IP.

[–] ntn888@lemmy.ml 2 points 2 hours ago

Thanks for the feed back. I started out with that post I referenced in my article, which had fewer entries. It didn't work. Caveat was although the online port checkers were reporting the port as open, it was not actually making through the tunnel!

I actually solved it by asking chatgpt!! I put in the suggestions and it worked. I'm also no expert on creating iptables, but once it was in place it seemed self explanatory.

I ran netcat as client-server to test it actually worked.

[–] PunkiBas@lemmy.world 8 points 7 hours ago

Thanks for the nice write-up, saving it in case I find myself behind CGNAT in the future.

[–] EmbarrassedDrum@lemmy.dbzer0.com 1 points 6 hours ago (2 children)

another option is to use Cloudflare's tunnels. it's free, I use it all the time. really great.

[–] Schlemmy@lemmy.ml 17 points 6 hours ago (1 children)

I've set up some tunnels. Works nice but then the voices came. 'Why would you trust a company like Cloudflare with all your data?' 'Why rely on this one company for all your services?'

Nearly a year into my selfhosting journey and I'm more confused than ever.

[–] EmbarrassedDrum@lemmy.dbzer0.com 1 points 24 minutes ago

tl;dr: classic convenience/privacy. depends on your threat model. surely better than Google. models of zero trust will help.

That's a great question, that I have asked myself before too. It doesn't have one answer, and any one would make their own choices based on their own respective threat model. I'll answer you with some of my thoughts, and why I do use their services.

I'll take as an example my usage of NextCloud, coming as a replacement to Google Drive for example.

let's break up the setups:

  1. client (mobile app, desktop client, browser)
  2. communication to server
  3. server

It's oversimplified, but to the point: In Google's setup, you have control of 0 out of three things.

  1. you use their closed source client, 2. they decide the communication to the server (if there's any CDN, where their servers located, TLS version), and 3. data is on their servers, wether encrypted or not is up to them.

In NextCloud's setup,

  1. The clients are open source (you can varify them, or build your own),
  2. communication to server is up to you. and in this case you trust your data with CF, that's right. gonna have to trust them.
  3. server is your server, and you encrypt the files how you want.

From just this look, NC is clearly better off. now, it's not perfect, and each one will do their own convenience vs privacy deal and decide their deal.

If you deploy some sort of e2ee, the severity level of CF drops even more, because they're exposed to less data. specifically for NC they do do e2ee, but each solution to its own. https://nextcloud.com/encryption/ this goes as an example for zero trust model. if you handle the encryption yourself (like using an e2ee service), you don't have to trust the medium your data is going through. like the open internet.

[–] ntn888@lemmy.ml 7 points 6 hours ago (1 children)

Yeah it's a popular choice for various things. But wouldn't it be against TOS using it for p2p and that amount of traffic?

[–] EmbarrassedDrum@lemmy.dbzer0.com 0 points 4 hours ago (2 children)

gotta admit I haven't read the ToS, but I didn't encounter any problems. I'm streaming GBs of music via the tunnel and it still works. p2p I didn't try, but I don't really see a reason to?

[–] asap@lemmy.world 2 points 1 hour ago (1 children)

Just remember that Cloudflare decrypts and re-encrypts all your data, so they can read absolutely everything that passes through those tunnels.

[–] EmbarrassedDrum@lemmy.dbzer0.com 1 points 22 minutes ago

mind elaborating?

If I let them handle the TLS for me then I can see that. but if, for example, I'm using NextCloud, which implement end to end encryption from client to server, then I wouldn't care if they did, no?

[–] ntn888@lemmy.ml 2 points 2 hours ago

Huh, good to know. I'm out remember some of us have traffic in the TBs pretty month!