this post was submitted on 02 Jul 2023
1191 points (97.6% liked)

Selfhosted

40296 readers
217 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

I'm already hosting pihole, but i know there's so much great stuff out there! I want to find some useful things that I can get my hands on. Thanks!

Edit: Thanks all! I've got a lil homelab setup going now with Pihole, Jellyfin, Paperless ngx, Yacht and YT-DL. Going to be looking into it more tomorrow, this is so much fun!

you are viewing a single comment's thread
view the rest of the comments
[–] i_lost_my_bagel@seriously.iamincredibly.gay 22 points 1 year ago (1 children)

A NAS or Nextcloud or some other way of having files available remotely.

Having a big box with a lot of storage that you can put things on from anywhere is so incredibly useful.

[–] fulano@lemmy.eco.br 6 points 1 year ago (5 children)

Do you think it's safe for the average joe to forward ports in the router to access things from the outside?

[–] peaceb@lemmy.world 8 points 1 year ago (1 children)

Have it be accessible over Tailscale (or similar) and that alleviates a lot of the access concerns. No need to setup port forwarding either.

[–] ElectroVagrant@lemmy.world 2 points 1 year ago (3 children)

Similar might be running Wireguard yourself, right? Albeit if memory serves that setup tends to require port forwarding, so maybe not (or maybe I set it up wrong).

[–] techviator@infosec.pub 4 points 1 year ago (1 children)

Tailscale uses the Wireguard protocol (in userspace, not kernel) along with a user and IP management system, a STUN system and a relay so they can provide easy management and connectivity even behind NAT or CGNAT. The relay uses https headers to hide the traffic, which provides a slower connection but allows connectivity in networks that block UDP or VPN traffic.

Installing a Wireguard server would use a kernel implementation of the WG protocol, but you have to open a port on the server side for it, and manually create the peer configuration and public/private keys for them. It is slightly faster, but not as easy to deploy or as versatile when dealing with complicated networks, dual NAT or CGNAT. Also very easy to block on networks as it does not obfuscates the traffic.

I chose to deploy a Wireguard server because it works well for my needs, but if I was behind CGNAT or connected through restrictive networks I would move to Tailscale.

[–] ElectroVagrant@lemmy.world 3 points 1 year ago

Makes sense!

I set up Wireguard simply to get a rough understanding of how to do so & to try to access some home resources while away, which works well enough across simpler network situations, but as you indicate, breaks down against more complicated network situations.

[–] limit@lemmy.world 2 points 1 year ago

Port forwarding a wg udp port is way safer than port forwarding some application to login to from the internet. At least with WG you can't even brute force it or anything, it's a lightweight protocol that requires a client cert.

[–] Hexarei@programming.dev 1 points 1 year ago

Tailscale basically uses NAT hole-punching, doesn't require any port-forwarding ever, it's great

[–] constantokra@lemmy.one 5 points 1 year ago* (last edited 1 year ago) (2 children)

Nope. But wireguard works fine and is super easy. I'd recommend something like WG-easy running on the nas. That's just one port to forward, with a reliable service behind it that does not advertise its presence. That is pretty safe.

[–] bosnia@lemmy.world 0 points 1 year ago (1 children)

Do you have a good tutorial for setting up Wireguard? I was able to setup OpenVPN easily but haven't been able to get Wireguard to let me access the internet while connected to it. Plus the Android app always says successfully connected even if the server is misconfigured.

[–] BumbleBear@lemmy.world 1 points 1 year ago* (last edited 1 year ago)

I'm using pivpn inside a Debian container in Proxmox instead of using a raspberry pi. You can pick either OpenVPN or WireGuard during install. Mine is running WireGuard with no issues. I feel it's very easy to use.

[–] jamesa@lemmy.world 3 points 1 year ago

Cloudflare tunnels are a great alternative to port forwarding

[–] techgearwhips@lemmy.world 3 points 1 year ago

2 words: Cloudflare tunnel. Ez-PZ