For all my self hosted stuff I use nginx proxy manager behind a cloudflare tunnel. The tunnel connects to a container on the machine which sends everything to the reverse proxy. no need for vpn or port forwarding
this post was submitted on 16 Jun 2023
8 points (100.0% liked)
Self Hosted - Self-hosting your services.
11210 readers
1 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules
- No harassment
- crossposts from c/Open Source & c/docker & related may be allowed, depending on context
- Video Promoting is allowed if is within the topic.
- No spamming.
- Stay friendly.
- Follow the lemmy.ml instance rules.
- Tag your post. (Read under)
Important
Beginning of January 1st 2024 this rule WILL be enforced. Posts that are not tagged will be warned and if not fixed within 24h then removed!
- Lemmy doesn't have tags yet, so mark it with [Question], [Help], [Project], [Other], [Promoting] or other you may think is appropriate.
Cross-posting
- [email protected] is allowed!
- [email protected] is allowed!
- [email protected] is allowed!
- [email protected] is allowed if topic has to do with selfhosting.
- [email protected] is allowed!
If you see a rule-breaker please DM the mods!
founded 3 years ago
MODERATORS
This is the only correct answer, the other responses about only showing local ip, and hosting something that goes through a VPN are either wrong or don't result in a working configuration. A domain must resolve to an IP so connecting out via a VPN just won't work. Proxying your connection through cloudflare using cloudflareD tunnels is the answer. Users will only see the ip of cloudflare.
I think you can do it but you'll probably need port forwarding on the VPN.
Unfortunately Mullvad just cancelled this feature.
Alternatively you can run your own VPN with a VPS (and use it like a reverse proxy), then you can easily control the port forwarding.
Alternatively you can run your own VPN with a VPS (and use it like a reverse proxy), then you can easily control the port forwarding.
This latter part, please forgive me as this is the first time I'm looking into hosting a web service. My plan was to purchase a domain with Google, which would include WHOIS privacy. Is this what you're referring to here?
No, I mean have an external server (ideally with a static IP address) and point the domain to that. And then have your local machine (hosting Lemmy) connect to that server and reverse-proxy the Lemmy port.
I haven't tried it with Lemmy so I'm not 100% sure the domain settings in Lemmy would work with this setup (since the domain wouldn't resolve to your local machine where it's actually running, and maybe Lemmy depends on that). But the idea is external users would just see the VPS, and have no idea that it's actually served from your local machine over a reverse proxy there.
You'd have to pay for VPS traffic though, but aside from that it wouldn't need much hardware, so should be cheap.
But you might also want to re-consider running it locally at all in this case. If the instance is small, it might work out just the same just to host it directly in the cloud. And then you can set up automatic setup and migration with Terraform / CDK ,etc.
Alright, thank you for your help!
At best a reverse IP search can show the general area, no way someone can pin-point your house with it.
Yeah, you're definitely right about that. I would still like to prevent that from happening. I'd rather it shows the general area of a place nowhere near where I'm at.
Most people use cloudflares free proxy service and a fully qualified domain name that they own.
You could also set up a virtual private server on a host provider like linode or digital ocean and install a point to point vpn as your egress/ingress point.
I don’t think that’ll work, they likely don’t allow inbound connections to their VPN endpoints.
There are a couple options:
- Use Cloudflare Tunnels (Free)
- Use a small VPS from a company like DigitalOcean to run a site-to-site WireGuard VPN + reverse proxy
- Use a small/medium VPS from a company like DigitalOcean to host your Lemmy instance
Note: I haven’t done a review of the traffic to confirm if option one or two will leak your IP (it shouldn’t, that’s generally a problem with WebRTC), but it is a potential concern. I do use option 1 currently. Note that tunnels are limited to 100mb file uploads, but iirc there is a bug in Lemmy that effectively limits uploads to 20mb.
If I'm not mistaken to make your instance available to other people you'd have to set up a reverse proxy. And a correctly set up reverse proxy shouldn't reveal your IP, only the local IP (127.0.0.1).
I might be wrong, so ask on the [email protected], since it's more active than this community.
However renting a VPS and hosting your Lemmy instance there is probably a better idea if you plan on creating a community, since it will minimize risks (DMCA notices, bugs in the Lemmy source code that could expose your server, etc). And it would make scaling easier if your instance grows.
If I’m not mistaken to make your instance available to other people you’d have to set up a reverse proxy. And a correctly set up reverse proxy shouldn’t reveal your IP, only the local IP (127.0.0.1).
Thank you for this information, if this is correct it sounds like this isn't something I need to worry about then.
If I'm not mistaken to make your instance available to other people you'd have to set up a reverse proxy. And a correctly set up reverse proxy shouldn't reveal your IP, only the local IP (127.0.0.1).
This is incorrect. The reverse proxy only handles the internal routing, so if you're not tunneling, or otherwise obfuscating your IP, selfhosting websites exposes your IP address.
view more: next ›