this post was submitted on 15 Apr 2026
38 points (85.2% liked)

It’s a 10 minute read when it should probably be a 2 minute read, likely due to LLMs fluffing it up (I got that vibe from skimming it). But what do you all think, is there anything in here that would compel you to switch from your current VPN solution to this?

[–] hertg@infosec.pub 33 points 1 week ago (4 children)

There's nothing I'd like to do more than let the US internet-monopolizing company handle all my vpn traffic /s But without being snarky, for homelabbing purposes just use wireguard directly, it's fun and not that hard to handle. Automate peer configurations using Ansible or some other automation tool if it gets hard to manage manually.

[–] wltr@discuss.tchncs.de 10 points 1 week ago (1 children)

I tried, but I don’t understand how to bypass a CGNAT. With Tailscale it just works. Also, I tried Netbird, it’s very similar, and it works well too. I’d love to simplify this, but I have no knowledge at the moment. Would love someone pointing me in the right direction.

[–] hertg@infosec.pub 1 points 1 week ago (2 children)

CGNAT and changing IPs make this harder. What I'd consider in this scenario is renting a small vps at a local provider (a tiny/cheap machine is enough). Then use this one as a hop to your network, basically homelab->vps<-client. Here is a post that talks about something like that: https://taggart-tech.com/wireguard/

I haven't used this method personally, but I've done something similar for incoming web traffic before, when you want to host things behind a CGNAT. You can actually keep all the traffic confidential by having just an L4 proxy on the vps, then the http traffic is still end-to-end encrypted between the client and the service, so you don't even have to trust the vps provider when it comes to them snooping. They still get some metadata, but not significantly more than the ISPs.
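
An added example, not part of the comment above or the linked post: a minimal WireGuard layout for the homelab->vps<-client hop, where both the homelab and the client dial out to the VPS so nothing has to reach the homelab through the CGNAT. The 10.100.0.0/24 addresses, `vps.example.net`, port 51820 and the `<..._KEY>` placeholders are assumptions.

```ini
# --- VPS (hub): /etc/wireguard/wg0.conf ---
# The only host that needs a public, reachable address.
[Interface]
Address = 10.100.0.1/24
ListenPort = 51820
PrivateKey = <VPS_PRIVATE_KEY>
# Route between peers; without forwarding the hub drops homelab<->client traffic.
PostUp = sysctl -w net.ipv4.ip_forward=1

[Peer]
# Homelab behind CGNAT: no Endpoint here, the hub learns it from
# the homelab's own outbound handshake and keepalives.
PublicKey = <HOMELAB_PUBLIC_KEY>
AllowedIPs = 10.100.0.2/32

[Peer]
# Roaming client.
PublicKey = <CLIENT_PUBLIC_KEY>
AllowedIPs = 10.100.0.3/32

# --- Homelab: /etc/wireguard/wg0.conf ---
[Interface]
Address = 10.100.0.2/24
PrivateKey = <HOMELAB_PRIVATE_KEY>

[Peer]
PublicKey = <VPS_PUBLIC_KEY>
Endpoint = vps.example.net:51820
# Only tunnel-subnet traffic goes via the hub.
AllowedIPs = 10.100.0.0/24
# Keeps the CGNAT mapping alive so the hub can reach the homelab at any time.
PersistentKeepalive = 25

# --- Client: /etc/wireguard/wg0.conf ---
[Interface]
Address = 10.100.0.3/24
PrivateKey = <CLIENT_PRIVATE_KEY>

[Peer]
PublicKey = <VPS_PUBLIC_KEY>
Endpoint = vps.example.net:51820
AllowedIPs = 10.100.0.0/24
```

In this layout the VPS terminates both tunnels and forwards the decrypted inner packets, so confidentiality from the VPS provider depends on the services themselves using TLS. The /32 `AllowedIPs` entries on the hub also act as a source-address filter, so each peer can only send traffic from its own tunnel address.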

[–] freebee@sh.itjust.works 2 points 1 week ago

But Tailscale is free, works very easily and reliably and is set up in minutes. I will only be motivated to look into all that when Tailscale isn't free and reliable anymore... I guess that will eventually happen at some time in the future.

[–] uzay@infosec.pub 1 points 1 week ago (1 children)

I have done basically that before and it worked. But I find Tailscale with a headscale server easier to manage. Maybe I'll take a look into selfhosting netbird at some point too.

[–] hertg@infosec.pub 2 points 1 week ago

Whatever works for you, and as long as you have an out, that's great. I've just become wary of single-vendor opensource projects to the point where I basically treat them like proprietary software. So far that's worked, but it requires some restraint from using new shiny things

[–] wildbus8979@sh.itjust.works 3 points 1 week ago

Finally a reasonable person around here.

[–] justme@lemmy.dbzer0.com 2 points 1 week ago (2 children)

I'm trying to set up the same at some point. How do you solve the changing IP address problem?

[–] gajahmada@awful.systems 1 points 1 week ago* (last edited 1 week ago)

The simplest would be having a VPS I think.

I grabbed an Oracle free-tier many moons ago. The x86 one with 4 gig of memory I think? The ARM one has many more cores and much more memory, but unless you go with a Pay As You Go (PAYG) account (needs a one-time refundable $100 credit) it's virtually impossible to grab it.

My free tier account is sufficient as pure VPN for accessing stuff, you get 10 TB/month egress traffic. The downside is it's Oracle, and you are at their mercy (they can purge it without notice).

I never tried it because CGNAT but maybe Dynamic DNS could also solve this.

Other than that, Tailscale / CF tunnel are a fine solution (for now).

[–] spaghettiwestern@sh.itjust.works 1 points 1 week ago* (last edited 1 week ago)

If you're not dealing with CGNAT, Dynamic DNS (DDNS) is relatively easy to set up, doesn't require a VPS and is designed specifically for dealing with changing IP address endpoints.

Instead of connecting using your (sometimes changing) IP address, you use a URL that dynamically updates when your IP changes. For instance, with DDNS you would access your home network using mynetwork.ddnsservice.com. The DDNS service returns your current IP and your connection can complete. Most routers have built-in DDNS clients that update the DDNS service when your home IP changes.

There are various DDNS services out there, but I like DuckDNS. It's free (or you can choose to donate), easy to set up and has worked flawlessly for me for years.

[–] Mordikan@kbin.earth 1 points 1 week ago (1 children)

Yeah, you can't just use wireguard directly on a home network depending on provider (CGNAT) and you can't just switch providers as most providers are in a non-compete with other providers. So, Cloudflare Mesh or Tailscale is the best option for those.