Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
view the rest of the comments
A solid workaround is an ssh reverse tunnel with gateway ports enabled. You can do it for pennies with a cheap VPS.
With this option you open an ssh tunnel outbound and then you can connect back through it from the other side for whatever local services you want to run.
You first need a VPS with a public IP. Here's a guide that explains it: https://www.howtogeek.com/428413/what-is-reverse-ssh-tunneling-and-how-to-use-it/
Just remember to enable gateway ports in the VPS side sshd.conf and disable or adjust any firewall on the VPS so the internet can come in through the VPS ip address and tunnel back to your local system.
While I use ssh tunneling to access systems on a temporary basis, usually http, some caveats:
I don't know of a daemon to set up locally that will re-establish tunnels on power loss and the like. Not technically-difficult, but something one probably wants if this is going to be how he's gonna get at the system long-term rather than "I just need one-off access".
One other downside -- the service that the user here is aiming to expose is apparently ssh. For me -- reaching an http server -- wrapping the connection for remote use is desirable. For him, it probably isn't, as there'll be two layers of encryption. Not the end of the world, but it's a hit. You do want encryption in the outer protocol at least insofar as you need it to protect authentication to the VPS anyway.
I need more ports to be exposed - I'm running secure DNS, Git on one port, Webmin on other, Jelllyfin (I can live without that on data), HTTP server on 800/443, Homeassistant 8123,... I also had 3389 open for remote desktop to my Windows machine, etc.
You can reduce some of those ports by using a reverse proxy. Do that you can access git home assistant etc from 443 with a subhuman.
For reestablishing the connection, use the wrapper 'autossh'. It can be run from systemd so that it'll auto start and restart as you command it.
I have a couple instances using this that are absolutely rock solid after years.
How does the data throughput compare to cloudflare or wireguard?
I'm the grandparent commenter, not the parent commenter, but for my very limited use, it's not noticeable, but I'm also typically just giving a remote machine access to a local web service. I'm not trying to tunnel anything bulk (or where latency is critical, which I'd think might be a larger issue).
The one thing I can say, though, without digging up numbers: ssh is fundamentally TCP-based. It forces ordering on anything it transports. While there are ways to cram UDP through an SSH tunnel, that's gonna impose an unwanted constraint. if you want to provide access to anything that natively runs on UDP, I'd probably look into a UDP-based VPN -- like Wireguard -- that doesn't do that.
Haven't done any comparisons, but I'm using this in cases where my throughput isn't too important. I can stream my webcam over it in HD, establish an rdp connection, ssh back through, and control web interfaces like octoprint. It's acceptable.
The big advantage is that a $2/month vps gets a static IP, therefore I don't have to worry about a VPN provider changing the IP or blocking ports.
Tunneling an encrypted connection through an encrypted connection is pretty much always a bad idea but when you're evading CGnat or other network blocks, sometimes it's the best we can conjure up on a whim.
That setup will yield off the chart latency if your VPS is not near your location 😱
For sure. If you really need to host thrn get the right package of internet services for that activity. If you need a fast fix for a small issue, this method gets around most ISP attempts to block hosting.