this post was submitted on 29 Oct 2023
11 points (92.3% liked)

Self Hosted - Self-hosting your services.

11444 readers
38 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules

Important

Beginning of January 1st 2024 this rule WILL be enforced. Posts that are not tagged will be warned and if not fixed within 24h then removed!

Cross-posting

If you see a rule-breaker please DM the mods!

founded 3 years ago
MODERATORS
 

Hi, guys. Like in the title. I have orangepi5 with some services like nextcloud or grafana. I would like to access to those instances from outside - but I don't want to open ports.

Could you guys point me how can I achieve that?

Do I need to set domain for home services? I have heard that people recommends cloudfare tunnel, but I think cloudfare tunnel does not work with subdomain like duckdns. Do I need to buy domain for my case? One more think, if I set this tunnel or maybe other solution- should I go with https (lets encrypt) solution?

Thank You

all 17 comments
sorted by: hot top controversial new old
[–] SmashingSquid@notyour.rodeo 17 points 1 year ago (1 children)

If you don’t want it publicly exposed to the internet you can use a vpn. Tailscale is probably the easiest.

[–] karcio@lemmy.world 3 points 1 year ago (2 children)

for this I am using zerotier - and I can connect from outside but ... using IPs which is not great. Would like to use domains

[–] navi@lemmy.tespia.org 7 points 1 year ago* (last edited 1 year ago)

Sounds like you want to set up DDNS (dynamic DNS). Basically run a little script on your router or server that occasionally updates a domain name with your IP address.

Many free options. DuckDNS, Cloudflare, etc.

[–] pe1uca@lemmy.pe1uca.dev 3 points 1 year ago

I'm using PiHole with my tailscale to use their MagicDNS.
This shares the PiHole among all the devices connected to the tailnet, and in the PiHole you can configure your local DNS to point your domains to your tailIP.
My setup has several services in a single machine, so there's also the issue of ports, for that I use caddy as a reverse proxy, which also allows me to have HTTPS only configuring the key to my registrar for the DNS challenge

[–] jet@hackertalks.com 4 points 1 year ago

consider tailscale

[–] pixxelkick@lemmy.world 3 points 1 year ago (1 children)

You will need to open some ports, but ideally you just open up 1 port for a VPN and call it a day.

If you want a really easy solution you can buy one of the mid to high end routers that comes with a built in OpenVPN you can enable, and you just do the process to have it be the router for your network (usually by setting your modem to pass through mode and then have your personal router immediately next in line, and it becomes the actual router of the network)

If you do a search you should find a few decent models out there with OpenVPN support, and then its just a matter of enabling the feature in the router's interface and following its guide and then installing OpenVPN on your mobile phone(s)

[–] karcio@lemmy.world 1 points 1 year ago (1 children)

Thank you for this tip, actually I have second router connected to my main router(from provider) and on this second router I have openwrt - I think I have seen there openvpn option - will check

[–] pixxelkick@lemmy.world 1 points 1 year ago

No problem, the mode you are looking for is called Bridge Mode, and what you'll need to ensure your setup is, is:

ISP -> ISP Router -> Your Router -> Rest of the network

It's crucial you only have your router as the only thing plugged into the ISP Router, and you want it to be typically plugged into port 1. You'll need to either look up the paperwork or talk to your ISP about how bridge mode works for their modem model.

Keep in mind once bridge mode is enabled on the ISP router, it loses its wifi network so the only way after you can connect to it to configure it is by a physical connection, so if you mess it up you'll need to have a laptop or smartphone you can physically connect via ethernet to port 1 of the isp router to be able to access its interface again.

But once you get bridge mode working your private router will now get a public IP assigned to it instead and it will act as the "real" router of your network.

[–] XCraftMC@sh.itjust.works 3 points 1 year ago* (last edited 1 year ago) (1 children)

using a reverse proxy is prob your best bet. something like nginx (nginxproxymanager for easier configuration)

[–] karcio@lemmy.world 2 points 1 year ago* (last edited 1 year ago) (1 children)

nginxproxymanager

Well, I was trying to play with nginx proxy manager, was able to set this but still, could connect only from home network - not from outside

[–] XCraftMC@sh.itjust.works 6 points 1 year ago

nginxpm still requires ports to be open, but only 2: 80 and 443. a lot better than opening every port for every service you have

[–] snowe@programming.dev 3 points 1 year ago

You’ve really got two options here. Tailscale, which will give you named dns routes for your machines, based on the machine name, or dynamic DNS with a reverse proxy like SWAG.

[–] tony@lemmy.hoyle.me.uk 3 points 1 year ago

I use zerotier for that kind of stuff, mostly because it runs native on my router (mikrotik) and is zero config so easy to run on a random mobile device I might have on me.

[–] FOSSMan@lemmy.ml 2 points 1 year ago

you could use cloudflare zero-trust, i use it with a docker container which runs cloudflared. it tunnels your services through without a single port open. there are a couple youtube tutorials which are pretty good.