Hi, this is my first post on this subreddit. I’ve been self-hosting various applications (Syncthing, Pi-hole, Navidrome, Jellyfin, Actual…) for almost two years now, and I want to take a step forward by accessing my resources from the public Internet.
I’ve been researching for one year about topics like port forwarding, reverse proxying, setting up VPN, and moving to a VPS; and I recently started trying Microsoft Azure’s Standard B1s VM. However, I can’t devise an acceptable and satisfactory solution.
These are some of my concerns:
- I don’t want to apply for static IP and port forward from my router to my modem to the public Internet.
- I need a sustainable solution since most VPS providers are too pricey for me.
I’m open to every type of suggestion; you can criticize my concerns, too :)
CF Tunnels. Based on a reverse proxy in the cloud with a VPN between local and CF. So different from a direct IP connection.
Or: IPv6 could be a way out.
The typical way involves something outside your network acting as a proxy. Your home network VPNs to this proxy, then the proxy sends requests down to your homelab.
I used a VPS and a VPN, I would connect to the VPN endpoint on the VPS, and then route all traffic back down to home.
You can also run a reverse proxy on the VPS, so it does TLS for clients, and speaks to the servers direct over the VPN.
Another option is things like Cloudflare tunnels, which means cloudflare does the “VPS and VPN” part of the above, but the tradeoff is that your have to trust cloudflare, rather than yourself (may be a positive or not depending on your perspective).
Lastly you could use something like tinc (which needs something on the outside to act as a negotiator) to form a mesh between NAT’d devices.
Tailscale.
Oracle gives free VPS, permanently free. Have a backup of these VPSes though, Oracle sometimes (haven’t experienced it myself, but some people here did) kills these VPSes.
/r/Zerotier or /r/Tailscale
with the caveat that this entails installing a application on the client device that accesses the server & whitelist it - so workable if you’re accessing your server using your own phone/laptop, not so much on a random company PC or your friends.
If you want ‘random’ externals accessing your server, you’ll have to VPN out to a third party server that forwards ports, or host the entire thing in the cloud.
If you want ‘random’ externals accessing your server, you’ll have to VPN out to a third party server that forwards ports, or host the entire thing in the cloud.
Check out Tailscale Funnel
You could also use zrok.io. It’s an open source alternative which can be self-hosted or has a free SaaS. It also includes cool features like ‘private sharing’ (which means both sides can be private with no inbound ports). I work on the parent project.
vps + boreing proxy
Need your own domain that supports wildcard subdomains. Pretty easy to set up though and works well.