Selfhosted

40149 readers

665 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago

MODERATORS

HybridSarcasm@lemmy.world

HybridSarcasm@lemmy.hybridsarcasm.xyz

Looking for feedback on simplifying self hosting (lemmy.blahaj.zone)

submitted 6 days ago by sem@lemmy.blahaj.zone to c/selfhosted@lemmy.world

29 comments fedilink hide all child comments

Hi all,

I started self hosting nextcloud only. Now I have a domain name and I would like to selfhost more services and websites on subdomains without having to open up more ports on my router.

Is it reasonable to use a reverse proxy server to avoid opening up more ports?
Can I use a reverse proxy manager that simplifies SSL certs, etc?
Can I put the HTTP/HTTPS services behind a reverse proxy, behind a free cloudflare DNS proxy to mask my IP address?
And put other non-http services on the real IP address.
Will all of this be more prone to failure and slow compared to forwarding 443 and 80 directly to my nextcloud server?

The other services I would like to eventually host and have accessible externally are

Jitsi
Mastodon instance (hoping to make some bots that mirror other social media to bring them into Mastodon)
blog website
Veilid maybe
OpenVPN over TCP on 443 (to get through restrictive firewalls on e.g. school wifi networks that don't whitelist domains)
Synology to Synology backup.

I'm hoping to use Yunohost on a RPI to simplify hosting a lot of these things.

Here's my plan where I'm looking for feedback. Am I missing any steps? Are my assumptions correct?

Install reverse proxy on yunohost; configure cloudflare DNS and freedns.afraid.org to point towards the reverse DNS server.
Configure the reverse DNS to redirect various subdomains to

the raspberry pi running nextcloud
the other raspberry pi running openvpn
the Synology running the backup service
services running on the yunohost raspberry pi

I have not been able to find good documentation about how to configure the yunohost reverse proxy, or how to deal with HTTP headers, or have correct certificates on all the subdomains as well as the reverse proxy. Looking for advice on how to move forward and or simply this setup.

you are viewing a single comment's thread
view the rest of the comments

[–] possiblylinux127@lemmy.zip 2 points 5 days ago (1 children)

I would avoid exposing services to the internet especially in a home network. I would look into Tailscale.

[–] sem@lemmy.blahaj.zone 1 points 4 days ago* (last edited 4 days ago) (1 children)

In a perfect world I would do this, but for nextcloud at least, I have to be able to access it from public computers where I cannot install and configure tailscale.

Sometimes I want to share services with friends and family too.

And Synology support for tailscale sounds like it's finicky unfortunately.

[–] possiblylinux127@lemmy.zip 1 points 4 days ago* (last edited 4 days ago)

Don't access Nextcloud from public computers as that is very bad for security.

If you must expose it to the internet I would strongly recommend all of the hardening stuff and isolating the deployment to its own vlan with limited access. Remember to follow least privilege and defense in depth. You can find more information on these two concepts online. Account for two pieces of software having serious security issues. (Thus have multiple layers an attacker needs to bypass plus monitoring)