view the rest of the comments
Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
My recommendation: host OpenVPN, change the default port and only access your NAS from the internet using your VPN. Also only allow the VPN port on your router firewall.
If this, then I would highly recommend Tailscale or Headscale. Just simplifies this process so much. Tailscale is so darn good, my number one tool of choice.
Yeah definitely a good idea. Routing your mobile traffic through it so your carrier cannot access your traffic and the services you don’t want to share location with can’t snoop as much on you.
I meant more because people generally don't have as much time to spend on IT security as companies, but yeah, it works for privacy as well.
this is a great idea but it will only work if they have a public ip
Depends on your router. I have an Asus and it has a free ddns option through their domain. I point my Wireguard client at this address and never think of it again. That way, the only port that's open on your router is a Wireguard port and they don't respond to sniffing.
If that's not a possibility, I had a ddns service before that for like $2/month
maybe is specific to my country, but here the majority of network plans have a CGNAT down the line. So we have a private ip at the router and there is no way to reach it, unless you reley the traffic to a third point.
if you want a public ip (even dynamic) you need to pay up
You can grab a static public IP on a VPS for free. That's what I do
works well, though the VPS speed is capped pretty low.
I have a vps for 2€/month. It's not a powerful machine, but easily enough to host wireguard and caddy.
No he doesn’t mean a static IP, he means a publicly routable IP. That’s not something DDNS will help you with.
True. But pretty much the same applies for dynamic DNS services, except you have to trust your dynamic DNS provider.
DDNS won’t help you if your IP isn’t a public IP
It makes a tunnel through to you and links to that.
DDNS doesn’t do tunneling. DDNS is a solution to a changing public IP, not something like CGNAT. You’d need a separate service with a relay server to do something like what you’re suggesting, like how Zerotier or Tailscale work.
Ah, I've only ever seen it in combination with a tunnel, so I assumed it's part of that.