this post was submitted on 14 Jun 2023
6 points (100.0% liked)

Self Hosted - Self-hosting your services.


Does anyone have any advice on hosting a server to the outside world? I intend to host a Jellyfin media server and want to be able to access it remotely. I was leaning towards hosting a VPN on my network with a good password but I don't know much about that. I am looking for a free option that ideally doesn't require proprietary software and can be completely hosted locally. For reasons that I won't go into, I am a little concerned about my ISP seeing the traffic to the media server. I know I am being paranoid but I don't really care. I imagine if I host it through port forwarding on the router but set up HTTPS that would encrypt the traffic and stop my ISP from seeing it, but I don't know if hosting a VPN would be easier / more secure. Thoughts?

top 11 comments
[–] [email protected] 3 points 1 year ago (2 children)

If you are ok with Jellyfin being public, then I would just put it in front of an nginx proxy. That way, your nginx proxy will handle SSL termination. With SSL, your ISP won't be able to inspect the traffic directly.

If you are running Docker, then I'd recommend jwilder/nginx-proxy and its Let's Encrypt companion jrcs/letsencrypt-nginx-proxy-companion. It makes putting things behind an SSL proxy very easy! This of course assumes you have a public IP address through your ISP and aren't stuck behind CG-NAT!

A second option is to keep it private, then use a VPN (this is what I do). WireGuard can be a good option, although setting up each device is a bit manual, since you have to generate key pairs for each of them. This also requires you have a public IP through your ISP or have a public box that bridges your public VPN to your home network. That said, it works really well.

Tailscale is a free, but commercial, option built on top of WireGuard that makes setup a lot easier. If you are stuck behind CG-NAT this is probably your easiest option.
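
The per-device key-pair step described in the comment above, as an added example that is not part of the original comment: a small shell helper that generates a key pair for each device and emits the matching client config and server `[Peer]` stanza. The `10.8.0.0/24` tunnel subnet, the `vpn.example.com:51820` endpoint and the function names are assumptions, and it expects `wireguard-tools` (`wg`) to be installed.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): per-device WireGuard provisioning.
# Constructed placeholders: endpoint vpn.example.com:51820, subnet 10.8.0.0/24.
set -eu
WG_ENDPOINT="${WG_ENDPOINT:-vpn.example.com:51820}"
WG_PREFIX="${WG_PREFIX:-10.8.0}"

# Generate one key pair; prints "<private> <public>". Requires wireguard-tools.
gen_keypair() {
  kp_priv=$(wg genkey)
  kp_pub=$(printf '%s\n' "$kp_priv" | wg pubkey)
  printf '%s %s\n' "$kp_priv" "$kp_pub"
}

# Client config. AllowedIPs routes only the tunnel subnet through the VPN.
render_client_conf() {  # args: client_private_key server_public_key host_octet
  cat <<EOF
[Interface]
PrivateKey = $1
Address = ${WG_PREFIX}.$3/32

[Peer]
PublicKey = $2
Endpoint = ${WG_ENDPOINT}
AllowedIPs = ${WG_PREFIX}.0/24
PersistentKeepalive = 25
EOF
}

# Server-side stanza: the device's public key is pinned to a single /32.
render_server_peer() {  # args: device_name client_public_key host_octet
  cat <<EOF

# $1
[Peer]
PublicKey = $2
AllowedIPs = ${WG_PREFIX}.$3/32
EOF
}

# Write <name>.conf with mode 600 and print the stanza for the server's wg0.conf.
add_device() {  # args: device_name server_public_key host_octet
  ad_keys=$(gen_keypair)
  ( umask 077; render_client_conf "${ad_keys% *}" "$2" "$3" > "$1.conf" )
  render_server_peer "$1" "${ad_keys#* }" "$3"
}

# Usage: ./wg-add.sh add laptop "$(cat server.pub)" 2 >> /etc/wireguard/wg0.conf
if [ "${1:-}" = "add" ]; then add_device "$2" "$3" "$4"; fi
```

Each device's private key stays in its own `<name>.conf`; only the public key and a single `/32` go into the server config, so removing a device means deleting one `[Peer]` stanza.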

[–] [email protected] 1 points 1 year ago (1 children)

To hijack this: If I wanted to host a public instance of Jellyfin at jellyfin.mydomain.xyz, I would then need a dDNS hosted on my server, and then...? If I want to allow non-technical people to access my instances, how do I manage that? Could you point me to a guide that explains the overarching requirements that one would need for that, with a mention of examples for each service I need to host to achieve this? Because I am a bit lost atm :p

[–] [email protected] 2 points 1 year ago (1 children)

If you are running Jellyfin on a computer at home, you’ll need to configure your DNS with your DNS provider to point to your home public IP, then configure your router to forward port 443 to your Jellyfin server.

[–] [email protected] 1 points 1 year ago (1 children)

And this works even with a dynamic/non-static IP? I thought there was more hassle involved :D

[–] [email protected] 1 points 1 year ago

No, if you don't have a static IP, you will need to use a dynamic DNS solution.

You might also investigate IPv6 if your ISP provides it. Often, if they don't give you a static IPv4 address, they might assign you a static block of IPv6 addresses you can use. That makes a big assumption that you can always use IPv6 though!

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

Headscale is an open source implementation of Tailscale

[–] [email protected] 2 points 1 year ago (1 children)

VPN is probably the easiest since you can use tools you're probably already familiar with, like RDP. But Guacamole is a pretty slick web interface for remote desktop to internal servers.

As far as encrypting Jellyfin traffic, I'm not familiar with the specific details, but I imagine it has something similar to Plex where you check a box to require encrypted connections. With that enabled, the ISP can see that you're sending traffic over port X to IP Y, and how much traffic you're sending, but they can't see what the traffic is.

[–] [email protected] 1 points 1 year ago

> the ISP can see that you’re sending traffic over port X to IP Y, and how much traffic you’re sending, but they can’t see what the traffic is.

This is true, but if they see lots of traffic to port 8096, they will be able to deduce that you're running an Emby or Jellyfin server, just not what content you're hosting on it.

If you want to prevent them from knowing that, you should look into housing your own VPN like WireGuard or OpenVPN (both open source).

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

Probably the easiest solution would be to use Tailscale. Although it's not open source it is free.

[–] [email protected] 1 points 1 year ago

Hosting a VPN is going to be the easiest and most secure option. There are a lot of little things that might make exposing Jellyfin tricky and could risk exposing traffic.

I would suggest starting out with a simple WireGuard VPN, which has worked for me for a while, but eventually you might consider looking at Tailscale, which simplifies a lot of it. (You can completely self-host it using the Headscale server.) OpenVPN has more options and it's a little easier to add more devices, but it's not as fast.

[–] MorksEgg 1 points 1 year ago

I'm not sure if I'm understanding this one. But assuming that you're hosting your own server and you work away from home and want to connect in on the weekends: if you have HTTPS forced and it's also on in the app you're using to connect, any traffic between your end and the server is automatically encrypted. The only thing your ISP is going to see are data packets going from you to your server, back and forth. Same if you're hosting for 10 users. All a VPN does is give you another point hop between the server and your client. VPNs are useful if you're trying to block your ISP from seeing that you connect to a certain site on the internet. But for just logging in remotely to your server, it's absolutely useless.
