If you don’t want it publicly exposed to the internet, you can use a VPN. Tailscale is probably the easiest.
For this I am using ZeroTier, and I can connect from outside, but ... using IPs, which is not great. Would like to use domains.
Sounds like you want to set up DDNS (dynamic DNS). Basically run a little script on your router or server that occasionally updates a domain name with your IP address.
Many free options. DuckDNS, Cloudflare, etc.
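The DDNS script suggested above, as an added example that is not part of the thread and not DuckDNS's own client. It assumes DuckDNS's update URL, a hypothetical `DUCKDNS_TOKEN` environment variable, and a WAN IPv4 address supplied by the caller; it refuses to publish an address that cannot be reached from outside the network.

```python
import ipaddress
import os
import sys
import urllib.parse
import urllib.request

# Ranges that cannot be reached from the internet; publishing one in DNS
# gives a name that only works from inside the network.
UNREACHABLE = {
    "private (RFC 1918), e.g. double NAT behind the ISP router":
        ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "carrier-grade NAT (RFC 6598)": ["100.64.0.0/10"],
    "loopback or link-local": ["127.0.0.0/8", "169.254.0.0/16"],
}

def unreachable_reason(addr):
    """Return why addr should not be published, or None if it looks public."""
    ip = ipaddress.IPv4Address(addr)  # raises ValueError on malformed input
    for reason, nets in UNREACHABLE.items():
        if any(ip in ipaddress.ip_network(n) for n in nets):
            return reason
    return None

def plan_update(wan_ip, last_published):
    """Decide whether to call the DDNS provider: (do_update, message)."""
    reason = unreachable_reason(wan_ip)
    if reason:
        return False, f"refusing to publish {wan_ip}: {reason}"
    if wan_ip == last_published:
        return False, "unchanged, no request sent"
    return True, f"update {last_published or 'unset'} -> {wan_ip}"

def duckdns_url(domain, token, ip):
    """Build the DuckDNS update request; the token travels in the query string."""
    query = urllib.parse.urlencode({"domains": domain, "token": token, "ip": ip})
    return "https://www.duckdns.org/update?" + query

if __name__ == "__main__":
    # Usage: ddns.py DOMAIN WAN_IP [LAST_PUBLISHED_IP]
    # DUCKDNS_TOKEN (hypothetical name) keeps the secret out of the process list.
    domain, wan_ip = sys.argv[1:3]
    last = sys.argv[3] if len(sys.argv) > 3 else None
    do_update, message = plan_update(wan_ip, last)
    print(message)
    if do_update:
        url = duckdns_url(domain, os.environ["DUCKDNS_TOKEN"], wan_ip)
        with urllib.request.urlopen(url, timeout=10) as resp:
            print(resp.read().decode())  # DuckDNS answers "OK" or "KO"
```

Because the token is part of the URL, keep the script's output and any proxy logs private, and store the token in a file only the service account can read.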
I'm using PiHole with my Tailscale to use their MagicDNS.
This shares the PiHole among all the devices connected to the tailnet, and in the PiHole you can configure your local DNS to point your domains to your tailIP.
My setup has several services on a single machine, so there's also the issue of ports. For that I use Caddy as a reverse proxy, which also allows me to have HTTPS by only configuring the key to my registrar for the DNS challenge.
Consider Tailscale.
You will need to open some ports, but ideally you just open up 1 port for a VPN and call it a day.
If you want a really easy solution, you can buy one of the mid to high end routers that come with a built-in OpenVPN you can enable, and you just do the process to have it be the router for your network (usually by setting your modem to pass-through mode and then having your personal router immediately next in line, so it becomes the actual router of the network).
If you do a search you should find a few decent models out there with OpenVPN support, and then it's just a matter of enabling the feature in the router's interface, following its guide, and then installing OpenVPN on your mobile phone(s).
Thank you for this tip. Actually, I have a second router connected to my main router (from the provider), and on this second router I have OpenWrt. I think I have seen an OpenVPN option there; will check.
No problem. The mode you are looking for is called Bridge Mode, and what you'll need to ensure is that your setup is:
ISP -> ISP Router -> Your Router -> Rest of the network
It's crucial you only have your router as the only thing plugged into the ISP Router, and you want it to be typically plugged into port 1. You'll need to either look up the paperwork or talk to your ISP about how bridge mode works for their modem model.
Keep in mind that once bridge mode is enabled on the ISP router, it loses its Wi-Fi network, so the only way you can connect to it afterwards to configure it is by a physical connection. If you mess it up, you'll need to have a laptop or smartphone you can physically connect via Ethernet to port 1 of the ISP router to be able to access its interface again.
But once you get bridge mode working your private router will now get a public IP assigned to it instead and it will act as the "real" router of your network.
Using a reverse proxy is prob your best bet. Something like nginx (nginxproxymanager for easier configuration).
Well, I was trying to play with nginx proxy manager and was able to set this up, but still could connect only from the home network, not from outside.
nginxpm still requires ports to be open, but only 2: 80 and 443. A lot better than opening every port for every service you have.
You’ve really got two options here: Tailscale, which will give you named DNS routes for your machines, based on the machine name, or dynamic DNS with a reverse proxy like SWAG.
I use ZeroTier for that kind of stuff, mostly because it runs natively on my router (MikroTik) and is zero-config, so it's easy to run on a random mobile device I might have on me.
You could use Cloudflare Zero Trust. I use it with a Docker container which runs cloudflared. It tunnels your services through without a single port open. There are a couple of YouTube tutorials which are pretty good.