• 0 Posts
  • 15 Comments
Joined 1 year ago
cake
Cake day: August 24th, 2023

help-circle







  • Additionally, is a self hosted server only accessible inside my home? What about accessing the services outside, like Bitwarden or Nextcloud apps that require syncing and availability of data wherever I am? If it is useless outside, there would be no point for me personally to self host in the first place since I am perfectly fine with using cloud services for now and the convenience that comes with it. Plus, no one else in my family cares about self hosting and I don’t wish to spend the effort to convince them to in vain, so setting up a server for convenience of everyone at home is also out of the question.

    It is only accessible from your local network (if it is there in the first place, you can always selfhost on rented virtual private server), until you make it accessible. There a different ways to achieve that:

    • Wireguard tunnel
    • cloudflare tunnel
    • (reverse) ssh tunnel
    • dynDNS
    • opening ports on your router

    Which is the way for you depends on the circumstances, how your ISP connects you to the internet mainly



  • I use reverse ssh tunnels, technically running on my home server. For each service i want to expose on the internet, i have a systemd-unit which handles a said reverse tunnel to the vps. Basically, the port running the service locally gets tunneled to a port on the vps, that happens via ssh, so reasonably secure (login as root disabled, login with password disabled, with a special user with little to no rights running the systemd service locally and remotely to log in via ssh). On the remote vps, there is a reverse proxy running, nginx, which works like the service would be running on the remote vps, really. There are some services actually running there, a mail server for example. The config files aren’t really different, everything nginx handles gets passed to a localhost port. A nginx instance is also running on the local home server to serve all the local services and the global ones locally, and the dns on my main router resolves the adresses of the global services to the local ones. SSL-Certificates are acquired by the remote vps and copied to the local home server, so that the end users don’t have any difference in their ux regardless if they are in the local network or somewhere outside.

    Edit: I mostly use this approach because my ISP uses dualStack lite and I could not access anything local from outside with any other technique. But I like it, it is really basic.