Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
view the rest of the comments
Register a domain if you haven't already. I did two, one for internal and one for external. If you want something easy to setup, use nginx. I'm sure there are guides out there to add Let's Encrypt SSL certs to nginx. I personally use Let's Encrypt with Traefik as my reverse proxy. Traefik has a little bit of a learning curve, but once you have it setup and working, it's pretty easy to update and move around.
Once you have your reverse proxy working with a SSL cert, you can start looking at different options to expose your containers. Probably the easiest method is to point your domain to your home IP address and on your router setup port forwarding. I'm not a fan of that because it's probably the most risky exposing ports to the wide internet.
Another option is tunneling, which I think is the best. Cloudflare tunnels is pretty popular and I believe are still free. I have a cheap VPS that I have a Wireguard tunnel setup. With either tunnel option you don't have to make any changes to your home network or firewall.
Why did you register two separate domains instead of using a wildcard cert from LE and just using subdomains?
To separate my internal and external. Both my domains have wild card certs. I have a VPS that connects to my home lab. External requests hit the VPS first. Internal requests bypass the VPS and go straight to my home lab.
I could use a single domain but then my internal requests would reach out to the VPS just to go back to my home lab. I wanted to avoid that extra hop.
Forgive my stupidity, but couldn't you just use split-horizon DNS and have your internal DNS resolve to your homelab instead of the VPS? Personally, that's what I've done. So external lookups for sub.domain.tld go one way and internal lookups go to 10.10.10.x.
Yes, I could do a split DNS and achieve the same thing. I didn't really want to change my DNS settings in my router. I also just like the separation by domain name.
Do you need to actually register two different domains for that, or could the internal one use a reserved TLD like
.lan
or.internal
?I actually registered two different domains. I think using .lan or .internal would work like that. Essentially from the client machine, it needs to be able to resolve the domain name to the IP of your internal service. So say from your home PC you want to have grue.com resolve to your server. One way to do that is have a host entry on your PC to point grue.com to your server IP address. That way is easy to do and works great but will get annoying if you have multiple client machines.
Another way is if you have a local DNS server that can add locally defined DNS records. Pi-hole can do this, so that way any client machine that goes through Pi-hole will be routed to your server IP.