view the rest of the comments
Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
That's really helpful thanks. My main reason for considering switching is for availability when outside of my home. I know I could port-foward but I am concerned about the security risks of that. I might buy one for just a month or two to see how it might help
What I do is this - and some may frown upon it because well...Cloudflare! But I use Cloudflare's tunnels to access my remote instances for my password manager, Home Assistant and a SSH shell. All of which are behind passwords and 2FA. I then have only one port open on my router, that's for my wireguard instance. I access it using my ddns and can be on my home network from anywhere.
I'd move away from the tunnels and push everything through WG, but my family is not as savvy as I am and don't always activate the tunnel when away from home. I am putting a plan for that this weekend though. :)
I managed to put my family on wireguard. I said 'install this and come to me when you are done', I finished the setup and told them 'the key icon must always be visible'. I don't know how, but it worked 🤷
Re: port-forwarding, I used traefik as a reverse proxy and that worked well (having a single domain cert instead of per service DNS is another layer but it's just obfuscation), but it's always a risk. I finally started using Tailscale after hearing about it for years and it is actually very good and deserves the hype. I had meant to setup wireguard myself but this is a lot easier. And if you don't want to use tailscale server, you can run headscale (on a cheap VPS?) instead.