this post was submitted on 30 Nov 2023
3 points (100.0% liked)

Self-Hosted Main

21 readers
1 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

For Example

We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.

Useful Lists

founded 1 year ago
MODERATORS
top 32 comments
sorted by: hot top controversial new old
[–] Encrypt-Keeper@alien.top 1 points 1 year ago

For starters the CF tunnel means your service is publicly accessible and Tailscale or Wireguard it won’t be.

[–] jazzmonkai@alien.top 1 points 1 year ago

I started with Tailscale. My main use in the beginning was to have access to my Home Assistant when I was out, and for that it was perfect.

Then I started to want access to files on my NAS without using Synology's Quickconnect after they had a security scare. Tailscale was fine for this too.

But when I began game streaming from my home PC, that's when Tailscale stopped working for me. Latency spikes, poor bandwidth, it just wasn't up to the task.

Now I have wireguard set up on my Opnsense router, and it's perfect. My upload speeds are max 20Mbps due to my internet service, but I can reliably stream at around 15Mbps with latency of about 25ms max.

It's definitely harder to manage and maintain than Tailscale was, and I've ended up doing a bunch of other stuff like buying a domain so I can have SSL for my other hosted services (which have grown since I started, naturally!), but for performance it's ideal.

I'd probably start with something like Tailscale or Zerotier because they're easy to set up and deploy. If that meets your needs, no need to look elsewhere. I considered CF tunnels but I have one already set up for Google Home to interact with Home Assistant and I find it hard to understand so the idea of using it more widely didn't seem smart. I'm already worrying about the day I have to update the domain name from the current DuckDNS one to my paid for domain...

[–] Cold-Membership7654@alien.top 1 points 1 year ago

I have been experimenting with Tailscale and it's just not fast enough for our needs. It's insanely simple to setup and get guys going on it, but in the end we couldn't get more than ~20mbit or so, if even that. Looking forward to giving Netmaker a shot (Still a Wireguard Kernel as Tailscale), but we need to be able to switch allowed access between different groups of external users throughout the day. Ideally in a way that only requires a click or two, or can be somehow automated into a click or two.

[–] arcadianarcadian@alien.top 1 points 1 year ago

Wireguard.

Because I would like to self-host everything myself, so why should I use another 3rd party service?

[–] LegitimateCopy7@alien.top 1 points 1 year ago

wireguard as primary, Tailscale as backup.

if I have something I don't mind Cloudflare and the government taking a look, then Cloudflare tunnel.

[–] ElevenNotes@alien.top 1 points 1 year ago (3 children)

Pretty simple answer: Wireguard.

Why? It’s the fastest of them all, works on almost all devices you can imagine, does not rely on any 3rd party like Tailscale with OICD or other IdP. Tailscale has its use when you are behind CGNAT and don’t want to VPS a Wireguard server somewhere with a static IP, other than that, it has no use in my opinion. I’m fully aware that I get downvotes from people who praise the zero trust principals of Tailscale and all the rest, but they always forget that you can do zero trust since decades with any network equipment (VXLAN) and add Wireguard to the mix. You can even run Wireguard in your local network to encrypt unencryptable traffic like NFS.

Check back in a few hours /u/Silencer306, this comment will have a few if not many downvotes.

[–] ArgoPanoptes@alien.top 1 points 1 year ago

If you can use Wireguard that is probably a good solution but I would still prefer to have a cloud proxy in front of it because my network can not handle all the attacks and wouldn't even notice some of them if you use just Wireguard.

I use CF Tunnels firstly because of all the protections and traffic analysis it does, and secondly, because even DDNS wouldn't work on my network.

[–] AnApexBread@alien.top 1 points 1 year ago

Tailscale has its use when you are behind CGNAT and don’t want to VPS a Wireguard server somewhere with a static IP, other than that, it has no use in my opinion. I’m fully aware that I get downvotes from people who praise the zero trust principals of Tailscale and all the rest, but they always forget that you can do zero trust since decades with any network equipment (VXLAN) and add Wireguard to the mix.

People just forget that all Tailscale is is a fancy GUI for managing Wireguard. That's it.

Wireguard lacks a lot of user management features so you need a service like Tailscale to handle that, but everything zerotier does is something you can already do in wireguard, just simplified.

[–] secopsx@alien.top 1 points 1 year ago

excellent reply

[–] NekoLuka@alien.top 1 points 1 year ago

I wanna host everything myself, but also love tailscale, so I'm using tailscale with headscale... It's so convenient to not open up ports, especially since I don't have a static IP

[–] wiseguy9317@alien.top 1 points 1 year ago (1 children)

I use Wireguard and Tailscale. Some networks block Wireguard connections. Tailscale always works.

[–] AnApexBread@alien.top 1 points 1 year ago

Some networks block Wireguard connections.

Dollars to doughnuts they're blocking the default Wireguard port. Change your wireguard port to something like 8080 or 8443 and you'll almost certainly make it through

[–] driversti@alien.top 1 points 1 year ago (1 children)

I use WireGuard. It is sufficient for me, because I have no need to make my services publicly visible.

[–] aadoop6@alien.top 1 points 1 year ago (1 children)

How do you access those services from a public network? Say, you want to access something while working from your office or a friend's computer.

[–] AnApexBread@alien.top 1 points 1 year ago (1 children)

How do you access those services from a public network?

With Wireguard?

[–] aadoop6@alien.top 1 points 1 year ago (1 children)

Sure, but what if that computer doesn't have wireguard installed. I don't see any other way except exposing the service to the public.

[–] what_comes_after_q@alien.top 1 points 1 year ago

I use Tailscale, and you can set up a subnet router for that particular use case.

[–] vivekkhera@alien.top 1 points 1 year ago

I’ve used IPSec to connect to my home (and office when I had my own company) networks. It has never failed me and the client is built right into my iphone and mac.

[–] TheRealSeeThruHead@alien.top 1 points 1 year ago

I use both. Cloudflare is for public facing services. Like overseerr and wizarr.

Tailscale is how I access my private services and dashboards.

[–] jkirkcaldy@alien.top 1 points 1 year ago

For work, Tailscale between vps and server. It works like cloudflare tunnels but doesn’t have the issues with the TOS excluding media streaming etc.

Keeps the internal server relatively safe and we can stream media/serve media content.

Cloudflare is our registrar and dns provider.

[–] PatochiDesu@alien.top 1 points 1 year ago

wireguard because no one else needs to know what services i run in my local network

[–] 007bane@alien.top 1 points 1 year ago

I use cloudflare with overseerr

[–] dnt_pnc@alien.top 1 points 1 year ago

Wireguard because my consumer router has it built-in.

[–] Anejey@alien.top 1 points 1 year ago (1 children)

I use all three.

  • CF tunnels to access generic apps I want public.

  • Tailscale to have remote access to my home network.

  • Wireguard tunnel going to a VPS for apps that I don't feel comfortable running through CF due to the bandwidth (Jellyfin, AzuraCast).

I totally could move everything that's on CF tunnels over to Wireguard, but I see no need to do it. Cloudflare is trustworthy enough and I like the additional protection it offers.

[–] AnApexBread@alien.top 1 points 1 year ago

CF tunnels to access generic apps I want public.

I totally could move everything that's on CF tunnels over to Wireguard, but I see no need to do it

How would you keep the public apps public if you require a wireguard connection to access them?

[–] terramot@alien.top 1 points 1 year ago

I have a domain on cloudflare to map internal IPs/services and use wireguard to reach the network. Tried Tailscale and Zerotier, there was a problem on some devices when switching from wifi to internet which was breaking internet access, switched to Wireguard and now i'm happy.

[–] AnApexBread@alien.top 1 points 1 year ago

Yes.

I use all three for different purposes.

It all depends on what my requirements for self hosting some are.

[–] omniterm@alien.top 1 points 1 year ago

I use Twingate, saw it in a network chuck video and setup was easy. At one point I had a VPN server running on a raspberry pi but never really used it just like I don't really use twingate that much. I may eventually setup wireguard on my cloud server so I'm the one hosting everything but for now it's not something I use so it's one of those when I get around to it.

[–] numblock699@alien.top 1 points 1 year ago

To access my stuff at home and elsewhere from anywhere I use Twingate. I don’t expose anything from my home via Cloudflare. I do use cloudflare WAFs for stuff on my VPSs.

[–] secopsx@alien.top 1 points 1 year ago

I just use the UDM-SE App (Teleport). I can connect on demand and get to all of my services, get adblocking while I'm out and about. Teleport on ubiquiti is just wireguard renamed.

I don't need to expose any services from my home network, because I'm the only one using them. If It wasn't just me, I'd just have them download the wifiman app, send them a teleport link and boom...they're in on the local network. Exposing "services" for a convenience factor is just too much of a security risk for myself.

I host all of my websites on github (free) and leverage vercel for CI/CD pipelines (again, free). Domains are the only thing public and that I pay for. (local dns reasons for lets encrypt certs) and for my public websites not associated with my home infrastructure.

[–] platswan@alien.top 1 points 1 year ago

Started with exposed domains with NPM, SSL certificates, etc. Tried out CloudFlare tunnels and wasn't satisfied, so I landed on Tailscale. Dead simple to set up and use. Fast, secure, what more to ask for?

[–] ia42@alien.top 1 points 11 months ago

When I cruise around the net I sometimes use Mullvad as an ass-guard.

When I connect to my own server I have SSH, and if I ever need to access a local port I use port redirect over the SSH tunnel.

As a backup of a backup, if I am at a site that blocks access to remotes on port 22, I have sslh running on port 443 in front of my nginx, intercepting TLS for nginx, SSH and openVPN (running in docker) all on the one port, so I have options...