I run ddclient on a local machine and it updates my Cloudflare DNS records if my IP changes.
OPNSense has it built in too, if you use it. So does PFSense, I think. Been a while, might be misremembering.
this post was submitted on 02 Jul 2023
98 points (95.4% liked)
Selfhosted
40129 readers
1363 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
founded 1 year ago
MODERATORS
I use duckdns.org , but if you are trying to host a webpage I totally recommend using Cloudflare, Cloudflare tunnels and a reverse proxy like nginx.
Setting it up may be a bit tricky, but it is a gamechanger. I followed Ibracorp's guides and I had no problem.
I've been using freedns.afraid.org for about a year now.
I've also been on freedns.afraid.org for many years. Back when I switched from dyndns, it wasn't possible to get Let's Encrypt certificates on afraid.org's domains, but that might have changed. I worked around it by taking a domain I already owned and using a CNAME to point it at my afraid.org domain.
I use Let's Encrypt on my domains, but they're domains that my afraid.org subdomains point to.
I host my own ddns server in a debian container https://wiki.debian.org/DDNS
Here we go down another rabbit hole... 😆
Right!!!! Lmao 😂 same boat as ya lol
DNS managed by Cloudflare, and cf-ddns
2nd, but with just a bash script. Also, I'm forwarding http & https to different IPs and the best thing about cloudflare is that you can restrict those ports to only be open when coming from cloudflare's proxy. I like the extra layer of security, and dislike that they can see all traffic..
If you only need public access to things like HTTP or SSH you don’t necessarily need to run dynamic ip and just setup Cloudflare Tunnels. So far I haven’t needed to put anything public that doesn’t run on the provided tunnels.
Where are the settings for these tunnels located in Cloudflare? I was looking around the website last night but didn't have any luck.
Look under the Zero Trust category and then once there you'll see another menu item called Access. There you'll find Tunnels, in addition to Tunnels you can add an Application in the same Access menu to create policies that only allow certain clients to connect.
load more comments
(1 replies)
load more comments
(3 replies)
I'm using DuckDNS, it has a plugin for pfSense / OpnSense.
I use a Cloudflare tunnel rather than a dynamic DNS provider. Some in the self hosting community are opposed to Cloudflare, but I appreciate the tools they provide (especially Zero Trust so I can put my self hosted apps behind Okta).
+1 for tunnels, easy to use and no port forwarding required
I use DuckDNS. There's been only one outage for the ~2 years I've been using it and it's free. I also use DuckDNS to acquire the SSL certificates for the reverse proxy.
I also use duckdns, but in the last year it went down like twice or something. Its good but not really reliable.
How gave you set it up out of curiosity?
If you mean automatically update IP part, duckdns website has a very comprehensive guide.
If you mean getting a free SSL certificate, you can use acme.sh (this is what I used) which has integrated support for duckddns (To use let's encrypt you need to use --server letsencrypt in your command)
load more comments
(5 replies)
your domain provider probably has an api to update dns records i use cloudflare with their api because then i can hide my ip behind their proxy or if i don't have a public ip i can use their tunnels
Tunneling is one of the better options out there tbh.
Does your domain provider have a DDNS service? I buy my domains from namecheap.com and use their DDNS service for exactly what you're describing.
I have NameCheap as well. I found their Windows client after I made this post. I'm still curious is there are better services out there. It seems Cloudflare may have the best tools for security for a webserver, i.e. hiding the real IP address.
Cloudflare has a lot of great tools and provides service to most of the internet. Some folks don't like how much of internet traffic is routed though Cloudflare... sort of like Google and if that's not a bother then it may be a good choice.
load more comments
(1 replies)
First step would be to ensure that you can do port forwarding.
- Check if your IP address isn't a private one or CGNAT.
- Now set up reverse proxy and try connecting to your service. If it connects, you are okay.
- Now this is something i didn't know could happen but it did end up happening to me. I was happily port forwarding for a few months, until suddenly my port forwarding stopped working. Now I called my ISP, they said they did nothing(my ISP is a few guys who have no Idea about what they are doing, the other option to them is 512kbps DSL connection) at this point all my ingress ports are blocked and even outgoing ssh is blocked. Then the new month starts and everything is working again. I looked at my ISP website to get an idea of what may have caused this and the case seems to be that it was the first time I crossed 100GB in uploading. So my ISP has configured things such a way that port forwarding only works for the first 100GB of uploading.
This is why I strongly recommend cloudfare tunnel or any other similar solution.
I use this container, favonia/cloudflare-ddns, for Cloudflare and my domain.
My IP isn’t technically static but it hasn’t changed in the 3 years I’ve been with this ISP.
This. But I use namecheap and the built in tool on pfsense to keep an A record up to date if it ever changed.
load more comments
(3 replies)
dedyn.io
If you're using godaddy, you can use a script to do your own dynamic DNS:
https://www.instructables.com/Quick-and-Dirty-Dynamic-DNS-Using-GoDaddy/
I also use this.
Have had to update it in tiny ways in the last ~ 7 years?
@[email protected] dyndns worked fine. Duckdns is a preferred among self hosters. Also your domain name provider might also offer dynamic dns sometimes
The easiest thing to do is to use https://www.duckdns.org/ and then point your domain as a CNAME to this duckdns subdomain.
Afraid.org is what I've been using ever since dyndns started charging big prices for what used to be free.
DNS-O-Matic (recommended by CloudFlare, among others) combined with SWAG and Authelia will handle dynamic DNS, reverse proxying, SSL certificates, and MFA. SWAG (nginx, Let's Encrypt and Certbot) and Authelia (MFA) run nicely in a 2 container Docker stack.
Mine have been running for ~18 months on my NAS, though I have a fixed IP so no longer use a DDNS provider.
I use myfritz.net for my homeserver. It is included in the routers of AVM 🐱
I use cloudflare and have a dyndns client running on my synology nas
Aside from a brief scare a couple of months ago, when the owner/operator was unreachable and the configuration interface and some automatic update paths were not working, I have been using afraid.org, and it has proven to be a stellar service, and free for basic needs.
duckdns and ydns
I've been using https://dnsomatic.com/ for a long while now. It updates Cloudflare which manages my DNS. It updates DNS at other providers too which is useful.
My router is able to send DDNS updates to it.
view more: next ›