this post was submitted on 18 Jun 2023

Hi All, I know it was asked multiple times but I'm a noob.

What is the best way to access my server from external network? I know I can open a port on router (not recommended), Tailscale, WireGuard or Direct VPN. I will access from Android phone and maybe from other devices.

What I want to try to access (mainly docker on NAS)

  • bitwarden
  • calibre
  • setup home assistant
  • possibly RSS server
  • nextcloud
  • plex server (already remote access)
  • maybe docker apps too

Thanks

[–] Dirk@lemmy.ml 4 points 1 year ago (1 children)

I know I can open a port on router (not recommended)

This is basically the only option you have if you want to provide access from external to selfhosted applications. Just forward the desired ports to the machine where the services are running on.

The fewer entry points you have, the better. You could “bundle” all web-based applications on port 443 and use a reverse proxy to route the traffic to the actual port based on the hostname the access was done on.

So in your router you define that all https traffic (port 443) is forwarded to your server, and on your server there is running a reverse proxy listening on port 443. All of your applications are listening on different ports that are not accessible from external. The reverse proxy then takes the hostname used for access and proxies the traffic to the actual host based on that hostname.

With this you have only one port open on your router and this one port is only forwarded to one single machine. Everything else is handled by that machine.

[–] wolfowl 1 points 1 year ago

Thanks. I tried setting up reverse proxy through synology and failed miserably. I might try again.

[–] kraxyk 3 points 1 year ago (1 children)

So really you have a decision to make here. Will you always have access to the VPN when you want to use those services? I suspect the answer is no in practicality. So I prefer to use something like Cloudflare tunnels to provide secure access to my network resources I'm choosing to share. I don't have to worry about every user and every device always using a VPN. That's just my preference though. It should be noted that I believe video and audio streaming is still against the ToS for Cloudflare tunnels. So for those applications I might use a different strategy like a VPN or WireGuard.

[–] wolfowl 1 points 1 year ago

I read more about Cloudflare. It seems like it would not play well with nextdns that I am using. I would like to have bitwarden use a Cloudflare tunnel to connect to a self hosted vault but all other internet traffic go via nextdns. Seems like reverse proxy is the simplest way. Will research nginx next or synology reverse proxy.

[–] ram@lemmy.ca 3 points 1 year ago (1 children)

You could use Cloudflare Tunnels. If you want to be the only one with access to them, you could set it in your private networks, which are only accessible to you on any device with the WARP client installed.

[–] wolfowl 1 points 1 year ago

Thanks. Would it mean every time I need to access bitwarden server externally I would need the cloudflare application to run?

[–] TagMeInSkipIGotThis@lemmy.nz 3 points 1 year ago

An option is to set up a WireGuard VPN as well, couple it with your internal DNS for all those services, and nginx proxy manager to grab certs, which you’ll need for hosting Bitwarden/vaultwarden.

443/80 get opened and pointed to nginx, which has an ACL only allowing internal access, then whatever port you choose for WireGuard. On your phone, set up the WireGuard app for on-demand access once you’re not on your home wifi and job done.
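
The hostname-based routing described in the first reply, combined with the internal-only ACL from the comment above, could look like this in nginx. This is an added example, not a configuration posted by anyone in the thread; the hostnames, backend ports, subnets and certificate paths are assumed placeholders.

```nginx
# Added example; goes inside the http {} context (e.g. a conf.d file).
# Hostnames, ports, subnets and certificate paths are placeholders.

# One certificate covering all service hostnames (assumed wildcard cert)
ssl_certificate     /etc/letsencrypt/live/home.example/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/home.example/privkey.pem;

# WebSocket upgrade support for apps that need it
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# Unknown hostname or bare-IP request: abort the TLS handshake, so
# scanners hitting port 443 learn nothing about the services behind it.
server {
    listen 443 ssl default_server;
    ssl_reject_handshake on;            # nginx 1.19.4 or later
}

# Password vault, selected by hostname, reachable only from inside
server {
    listen 443 ssl;
    server_name vault.home.example;

    allow 192.168.1.0/24;               # assumed home LAN
    allow 10.8.0.0/24;                  # assumed WireGuard subnet
    deny  all;                          # everyone else gets 403

    location / {
        proxy_pass http://127.0.0.1:8081;   # backend bound to localhost only
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}

# Second service on the same port 443, different hostname and backend
server {
    listen 443 ssl;
    server_name cloud.home.example;
    allow 192.168.1.0/24;
    allow 10.8.0.0/24;
    deny  all;
    location / {
        proxy_pass http://127.0.0.1:8082;
        proxy_set_header Host $host;
    }
}
```

The `allow` rules match only if clients arrive with a LAN or WireGuard source address, which is why the internal DNS entries for these hostnames should point at the server's internal IP.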

[–] tenebrisnox@feddit.uk 2 points 1 year ago (1 children)

I’m fairly noob-ish but have run Tailscale like this for about a year:

Tailscale on your NAS runs as the host and when you open the Tailscale app on your phone you copy the IP it gives you and use that (plus the port that your services like Bitwarden, Calibre etc each use). Eg.

100.121.9.23:8081

THAT’s the sort of IP you then add to the Bitwarden app or type into your web browser.

I’m pretty amateur with tech but found Tailscale pretty easy to set up and run.

[–] wolfowl 1 points 1 year ago

Thanks. That is helpful. I went into a rabbit hole. I started setting up nginx, Cloudflare, got own domain but discovered that I am behind double NAT due to ISP. Research continues.

For your calibre: is it calibre web and does it sync with your ebook? I have kobo so looking for sync not through my laptop.

[–] wolfowl 1 points 1 year ago

I managed to get this setup: cloudflare (not tunnel) and nginx. I hope all is well with security, certs as I have vaultwarden there (behind 2fa).

Is there a way to check security of this connection? I used Mozilla Observatory and similar. My worry is that I see traffic from other countries (analytics in Cloudflare). Should I worry or is this normal scanning?

I now locked cloudflare so it is only accessible from my country.

[–] Parsnip8904 1 points 1 year ago (1 children)

I use tailscale for this with no issues. It traverses my CGnat without significant speed reduction. Just install tailscale on the hosts with the services on them and use magic dns or install tailscale on a vm/container and have it advertise your home subnet as a subnet router.

[–] wolfowl 2 points 1 year ago (1 children)

Thanks. So let's say I want to open Bitwarden app on Android, and the vault is on NAS, I need to open the Tailscale app first on that mobile? Sorry if this is a silly question.

[–] Parsnip8904 2 points 1 year ago

Yeah. The simplest setup you could start with would be Tailscale on the NAS and your phone, switch it on in Android (it works like a VPN) and you should be able to connect to the Tailscale IP of the NAS.

[–] wolfowl 1 points 1 year ago

Started reading about Cloudflare. It is tricky to connect it to bitwarden vault. Another thing is that I use nextdns and it might clash.
