I use afraid.org to keep my dynamic dns pointed at my routers ip. With afraid.org dns you only need a curl statement scheduled on the open~~dns~~wrt router to keep the dynamic ip updated.
Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
Afraid.org gives you subdomains on other people's domains, who can decide to stop letting you use them at any moment.
Self hosting doesn't mean you should host everything yourself at home, using a VPS you manage (so the data inside it is still yours) is also a viable option for selfhosting. I myself host some services at home and a few others in a VPS.
As for Dyndns, I've used a few providers over the years. DuckDNS is the one I've been using for 5 years or so and it's not failed me once. Pretty happy with it.
Maybe you could have a duckdns pointing to your dynamic IP and your domains / subdomains with a CNAME pointing to the dyndns address?
Since you run already OpenWrt, you can check out https://openwrt.org/docs/guide-user/services/ddns/client
There is a list on this page of compatible services. If you don't want to use one more service (DNS), you can use a domain registrar with an API (like porkbun) and find online tools that work with that.
Be aware of the risks of hosting your websites publicly from home, make sure to run them in very isolated environments. Having your VPS compromised is bad, but having your home network compromised is much worse!
That lists afraid.org as a ddns provider.
They are pretty great, I use them as my domain host.
Be aware of the risks of hosting your websites publicly from home, make sure to run them in very isolated environments. Having your VPS compromised is bad, but having your home network compromised is much worse!
Agree - Not something I will throw myself into.
Yes I use no-ip but have to confirm the domain name every month or so and cant use my own domain on the free tier. (Maybe im just being cheap) - Also I haven't been able to figure out how I would use / get SSL certificates.
Try duckdns, it doesnt nag you every month and it just works
Yes, I have used it in the past and it was annoying...
You can get SSL certs with letsencrypt, but you need to use the http verification method.
Not anymore, it supports txt records now
Many DNS providers have an API and are supported by various dynamicDNS clients. I use Cloudflare and the built in client on my Opnsense router.
OpenWRT should have a client too that supports a bunch of services.
VPS with a tunnel between it and home services (Wireguard/Tailscale, etc)in my opinion is Best Way as it isolates your home gateway (no open ports, because you make outbound connections to your VPS), and let VPS handle Identity and Access Management
(Or an equivalent isolating architecture).
Alternatively, Tailscale has a Funnel feature which can route public traffic into your Tailscale network. Though I don't love this approach, it does work for low-volume connections.
+1 for using Tailscale funnel Don't use a lot of resources and easy to setup
I'm using cloudflare as my nameserver and the free API seems to work just fine with ddclient.
Script that checks your external IP and updates your DNS provider via API.
There are two options, one is tunneling (e.g. tailscale, cloudfare tunnels, or a VPS either with special software or plain old SSH port forward constant connection). The other option, the most popular answer (I think, influenced by how yoy asked) is Dynamic DNS or DynDNS (e.g. duck, hurricane, freedns, etc.) this second one is like the classic solution.
You can get super cheap VPSs and use them just as a reverse proxy (with access via VPN). I host 11 servers using one single-core VPS as a reverse proxy. All data resides on premises, in house. I pay 10/yr for VPS. It definitely does not defeat the purpose.
Yeah maybe I need to consider this.
From where can you get a VPS for that price?
Check out low end box. I found coupons for racknerd. I have one VPS that's $10/yr, another that's $18/yr. I've had zero downtime in the 18 months I've used them. No complaints from me. YMMV of course.
Get your own domain, find a free DNS service that provides an API, and it becomes a simple matter of updating a DNS A
record whenever your IP changes.
Here's a starting point: https://community.letsencrypt.org/t/dns-providers-who-easily-integrate-with-lets-encrypt-dns-validation/86438
Don't use a DynamicDNS service, they're usually crap and they make you depend on a domain you don't own.
Namecheap domains include a dynamic DNS application for free and it works well. Be aware that it only runs on Windows.
also keep in mind for people not on windows, namecheaps API only functions for business grade, and also is not clearly documented, there is a "dynamic dns setup page" but it isn't up to date. I find myself trying to use openwrt's DDNS pages for it but it still isn't accurate, I am likely going to transfer elsewhere when im closer to the end of my lease. This API restriction also prevents you from easily automating your SSL process using letsencrypt as you are locked down to subdomain based entries instead of wildcard domains.
Free Dyndns services seem to be a bit crap
Why do you say that? https://freedns.afraid.org/ and https://www.duckdns.org are very solid and if you're looking for something more corporate even Cloudflare offers that service for free.
DuckDNS is great... but they have had some pretty major outages recently. No complaints, I know it's an extremely valuable free service but it's worth mentioning.
If you go down the VPS route, a headscale server on a cheap $3.50 VPS would be the way to go. Wouldn't even have to deal with IP addresses at that point, while still being able to self-host all your services, with the cheap VPS being a glorified switch/firewall.
I think you got enough recommendations for several tunneling solutions.
Apart from that (and free DynDNS) you could also use a regular paid DNS provider. Some of them also offer DynDNS or an API. I think I saw some regular providers in the list of my DynDNS client on my router, next to the super cheap or free ones.
Wow thanks everyone. I think I need to take another look at some of the DynDNS provides and digest all your great feedback.
Id like to go beyond personal self hosting stuff and maybe run some stuff that requires Federation. Im just thinking at the moment.
I've used big names like ns1 and Cloudflare for free.
Cloudflare has an api for easy dynamic dns. I use oznu/docker-cloudflare-ddns to manage this, it's super easy:
docker run \
-e API_KEY=xxxxxxx \
-e ZONE=example.com \
-e SUBDOMAIN=subdomain \
oznu/cloudflare-ddns
Then I just make a CNAME for each of my public facing services to point to 'subdomain.example.com' and use a reverse proxy to get incoming traffic to the right service.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:
Fewer Letters | More Letters |
---|---|
DNS | Domain Name Service/System |
HTTP | Hypertext Transfer Protocol, the Web |
HTTPS | HTTP over SSL |
IP | Internet Protocol |
SSH | Secure Shell for remote terminal access |
SSL | Secure Sockets Layer, for transparent encryption |
TLS | Transport Layer Security, supersedes SSL |
VPN | Virtual Private Network |
VPS | Virtual Private Server (opposed to shared hosting) |
nginx | Popular HTTP server |
9 acronyms in this thread; the most compressed thread commented on today has 8 acronyms.
[Thread #891 for this sub, first seen 27th Jul 2024, 19:35] [FAQ] [Full list] [Contact] [Source code]
You can pay for dyndns service which should be more reliable than free ones. I don't have any experience with those, so I can't give any recommendations. What I'm running is that I use few of the free ones which are updated either from my router or from a linux VM and I've just pointed few easy to remember CNAME records from my own domain to those dynamic addresses. It's not the best thing in the world, but my dynamic IP tends to be pretty static as it usually changes only when my own hardware is down for a longer period of time (few hours or so, so a longer power outage or a hardware maintenance gone wrong).
I use digital ocean as dns host. They have an API, so I check my IP with a script and update if needed.