There is usually free tier packages available on the big cloud providers. You'll get pretty limited resources, but you will get a static IP, and the ability to run a tunnel. There will be a couple extra steps, but nothing major. You'll likely have the ability to run a couple services from there as well- maybe something to kick-start your home server if it falls over for whatever reason, or even your URL shortener.
this post was submitted on 28 Nov 2024
9 points (80.0% liked)
Self-hosting
2830 readers
1 users here now
Hosting your own services. Preferably at home and on low-power or shared hardware.
Also check out:
founded 2 years ago
MODERATORS
CloudFlare tunnel?
I wish people would stop recommending cloudflare in self-hosting communities
This. Implemented this for my homelab stuff running over StarLink and it's been great.
Dont they essentially man in the middle u? It doesn't cloudflair still require that cloudflair itself can send a request to your IP?
You run a container in your environment and it will call home to CF to make the tunnel to pass the traffic to you.
If it's just you using your self hosted server then tailscale would be my go to solution with no hesitation.
I need to shair shortened links files links etc etc. So i cant just use a vpn to for myself unfortunatly.
Tailscale funnel?
If you wish, you could always host your stuff through tor and use it as a hidden service.
That would be too slow unfortunatly.
I just use ipv6. And a simple docker container that updates my dns records. For applications that should not be exposed I use tailscale
I have starlink. I use a cheap VPS. Tailscale and Reverse proxy to selfhost. I have docker running nginx proxy manager on the VPS with a could other docker containers running on the VPS like a speedtest and a few other things because I can. The heavy things like nextcloud sit at home and via the reverse proxy points it over the tailscale tunnel to my main docker.
This is what i was thinking. I dont like the idea that i will have an extra critical failure point. Btw do u know if i can avoid the vps if i do ipv6 and drop ipv4?
I don't think so. But I haven't tried. I use the Starlink as more of a cold failover for when my LTE/5G goes down. $40/mo vs $120/mo for same speeds and LTE/5G has better latency for me. I work (tech) from home and live rural.
With DNS-fu you could have two VPS! I saw a project somewhere for nginx proxy manager that clones the settings. Then your only failure point would be the local tailscale.
Just use a dynamic dns service and expose the stuff you need to access publicly, publicly. If you want to be extra careful, or secure services that otherwise have no security, your reverse proxy should be able to forward auth, which forces people to login before the request is handled. This gives you a single point of security failure again, which I'm not seeing as any different from whatever you're thinking about with wireguard and a vps. You can also selectively configure which services use forward auth, which are fully public, and which aren't accessible outside of LAN addresses. This would give you the option to use something like Tailscale for your private stuff when away from home without having to use the forward auth.
Starlink uses CGNAT, so that is not possible since the public IP is shared between multiple subscribers.
Ah, wasn't aware of that, makes more sense now. Seems like OP needs to pipe everything through someone else's server, or fork over for the static IP, until IPv6 is finally universally functioning. I've seen good things about Cloudflare, at least as long as they aren't doing multimedia.
I think starlink has ipv6 so can i use that to fix my issues? I assume i would drop ipv4 support but fuck it.
Not sure if it's actually feasible today, but in the future when all the Internet routing and consumer devices are compliant, something something ipv6 has enough address space for every device many times over to have a unique address. I'm guessing there's still too many links in the chain that won't be setup for ipv6 to work, but it's worth your research.
Probably more realistic to work out the complication you're concerned about with reverse proxy and a VPS + VPN.