bless

joined 2 years ago
sorted by: new top controversial old
Access home server from anywhere in c/selfhosted
[–] bless 45 points 1 year ago (16 children)

I would go with wireguard VPN or something like cloudflare tunnels or tailscale. With wireguard you'll need to open up an external port and forward to your VPN host, but wireguard uses UDP so no one can probe it for responses. CF tunnels and tailscale you don't have to open up holes in your firewall which is nice.

You also have the option of using a proxy and opening up 443 publicly on your firewall, but unless you know what you're doing I'd leave that closed until you learn more.

Setup a DNS server on a dynamic public ip in c/selfhosted
[–] bless 1 points 1 year ago

Yes

Setup a DNS server on a dynamic public ip in c/selfhosted
[–] bless 5 points 1 year ago* (last edited 1 year ago) (3 children)

I would get a domain name and use ddns to update your rotating IP. Then I would setup wireguard VPN in split tunnel and have your parents network tunnel back to your piholes for dns resolution.

I use cloudflare API for ddns updates but there are plenty of choices for that. If you're using cloudflare for DNS just keep in mind you can't proxy the DNS entry for the ip for your VPN host as CF only forwards traffic over certain ports and they are not configurable (on free plan anyway not sure about paid).

Help me trash my FireTV stick in c/[email protected]
[–] bless 2 points 1 year ago

Don't get rid of it, install Kodi and/or Plex on it

I finally figured out how to virtualize my OPNsense firewall. Suck it, Roku. in c/selfhosted
[–] bless 17 points 1 year ago

+1 for dst nat on googles dns servers back to my piholes

/r/AskReddit Comments Per Day, Graphed in c/reddit
[–] bless 2 points 1 year ago

Ditto

Can you give me some hints? I have problems with Docker install in c/selfhosted
[–] bless 2 points 1 year ago

The error is telling you you already have something listening on port 80 so docker is unable to bind to 80 again until that is released. Try disabling nginx and apache as you stated.

You can run

netstat -pln

to show you what's running on what port on your host is you want to verify

*Permanently Deleted* in c/technology
[–] bless 1 points 1 year ago

Yea I should read better

I’m about to throw my entire Pihole out the window in c/selfhosted
[–] bless 1 points 1 year ago* (last edited 1 year ago)

For infrastructure critical services I recommend reservations on the DHCP server and then set static assignment on the device for the IP reserved in DHCP. This way if the device ever fails over to DHCP for any reason the IP will not change. I'll usually also leave some small address space outside the DHCP scope available for static assignment if needed, usually at the front and usually around 20 IPs max as it's easier to let DHCP do the heavy lifting.

Static IPs are important on infra critical devices if you ever find yourself in a situation where the DHCP services are not available, you don't want them to be a single point of failure.

Just my 2 cents.

*Permanently Deleted* in c/technology
[–] bless -1 points 1 year ago (2 children)

Better to set the DHCP server to hand out the dns rather then set it device by device

*Permanently Deleted* in c/technology
[–] bless 23 points 1 year ago (17 children)

Wait till you plug in your cell phone to charge they start calling home like crazy

security by no security? in c/[email protected]
[–] bless 6 points 1 year ago

Blank cred is like the first thing that is tried, right before 1234, admin, and password

view more: ‹ prev next ›