this post was submitted on 16 Oct 2023

I find myself a bit confused, as I'm not an expert in this field. I'm looking for advice on what to use: ZeroTier, HeadScale, or Netmaker. My goal is to place my services behind a VPN for added security. I'm wondering which of these options is better and more secure. Is it worth comparing Netmaker to HeadScale and ZeroTier, or are they best suited for different purposes? If I opt for ZeroTier, is self-hosting a better choice, or should I go with their free plan?

lilolalu@alien.top 1 points 1 year ago (1 children)

BTW, unless you are behind a CGNAT, you don't need any of these solutions, nor a VPS with WireGuard. It's weird that nobody uses the simplest solution anymore, which is a dynamic DNS.

If you additionally want to have a domain pointing at your server, just set a CNAME for the DDNS name in your DNS settings.

I think besides the very minor advantage of having a fixed IP (unless you want to run a mail server) instead of a fixed domain name, most people think they don't have to take care of security anymore because Cloudflare does it for them.

In my case, I run a WireGuard server on my router. Not every router firmware has that option, though (and some people may have the option and not realize it).

I think there are some people who worry about opening up the port for the VPN. But it's not a particularly high security risk, and services like Tailscale aren't automatically better just because they initiate outbound connections.

People overestimate what something like Cloudflare does for them. It can be helpful for a number of use cases and includes some good risk mitigation options, but if a service is still available to the outside world, it's still a potential vulnerability point that needs to be hardened reasonably at the level of the application and one's own network, too.