There have been multiple accounts created with the sole purpose of posting advertisement posts or replies containing unsolicited advertising.

Accounts which solely post advertisements, or persistently post them may be terminated.

Getting back into things and wondering how you all self host your stuff?

Hi everyone, first time posting since the Reddit went nuclear on sanity. With the advent of Lemmy, I finally got around to booting my home-server back up and stood up my own instance :)

How do you all self host stuff? I’ve been happily running Nextcloud, Home Assistant, Plex, etc locally, but none of that has been internet facing. As I’m getting back into this I want to share stuff with my friends and family and getting them all to use a VPN seems like a stretch.

Wondering if the general consensus is that it’s better to put shit on a VPS, on your own HW locally (with firewalls, safeguards, etc) or some combo of the two?

outcide ,
@outcide@lemmy.world avatar

I have a small vps and a Nuc at home.

Vps is for things that are important enough that I want to be able to fix them if they break when im away from home (Vaultwarden, linkding, wiki, blog etc).

Server at home is for stuff that needs lots of disk (Jellyfin, gonic, AudioBookShelf etc) and is where I screw around and try new stuff.

Services at home are exposed to internet via cloudflare tunnels (grrr cgnat).

dotslashme ,

I run my self hosted stuff on a k3s cluster at home on bare metal, then use cloudflare to protect the IP and access only by VPN.

silver ,

I have both a Hetzner root server (it’s nicely beefy) where I host all my public stuff (website, api’s, Lemmy instance etc) and my homelab which is more personal media (Plex, 'arrs, Gitlab, wireguard, dydns)

The Hetzner box is configured using NixOS (config).

Homelab is mostly configured with docker compose, though I have plans to switch over to nixos to nail down the config. I am using cloudflare for my dns and created a smol cli tool to update a record there with my public ip address (homemade dydns). This is used by Wireguard to give me access to everything hosted there. Even though everything is hidden away from the Internet I still have https on everything thanks to dns verification.

(hastially typed up over breakfast so it may be a tad disorganised, feel free to ask any question if ye have any)

Nibodhika ,

Things that I need to be internet facing run on an actual server, most of my stuff is hosted on a laptop in my living room and I use tailscale to access it from outside the house, but I mostly consider that a plus and wouldn’t depend on it.

NewDataEngineer ,

I second this. I only access anything internet facing via tailscale.

The only question I have now, is how do I let family and friends access certain services without tailscale?

I’m thinking a vps with something like authelia in the front that tunnels into my server via tailscale.

Nibodhika ,

I just give them access through tailscale, but then again I don’t have many people who need access to what I host.

nick OP ,

Gotcha, yeah this is running on a set of boxes that I’ve been using as my homelab for a few years. Some of those have graduated to homeprod and that’s where I’m getting stuck. I want to share Plex and the like with my family who are 2500 miles away.

Definitely would setup tailscale or a VPN between the houses if I was closer. At this distance, maintenance would be a nightmare even though my dad and brothers are very tech savvy.

Nibodhika ,

I live in Ireland, I have family in Brazil that access my server via tailscale. It’s not the best experience, but I think it’s the best I can do with a home hosted server. Exposing stuff to the full internet is a security nightmare.

dartanjinn ,

For public facing, I use Cloudflare tunnels. For VPN access from across the divide, I use tailscale and pivpn depending on use case.

Most of my servers are hosted locally on a separate vlan and firewalled off from my internal network.

nick OP ,

How are those tunnels? Saw those in my dashboard last time when I was looking.

I’ve got Wireguard set up and that’s been good and lightweight for me. Also have everything firewalled off onto it’s own VLAN with ACLs so my data is locked down. That took forever to implement but loving it so far.

The internet facing stuff is on a completely separate box with read-only access to a pretty limited NFS share for retrieving content off the NAS :)

dartanjinn ,

I use them a lot actually. I really like them. It’s really useful for things like vaultwarden access from any machine, anywhere. I also host a humhub instance for my mother’s bible study group and a couple informational sites behind them. It pushes all of the traffic through 443 without having to fiddle with SSL. I wouldn’t lean on it for major website without local SSL but for small use cases like mine it works great.

Wingy ,

Cloud is best for reliability, but a good option that sacrifices that reliability but keeps some security benefits is to put a reverse proxy on a VPS and connect just your servers by a VPN.

nick OP ,

Gotcha that’s fair. Everything I’ve previously had internet facing has always been behind a reverse proxy with Let’s Encrypt, but it’s been years since I did that. I’ll look into the VPS reverse proxy option, thanks!

  • All
  • Subscribed
  • Moderated
  • Favorites
  • random
  • [email protected]
  • lifeLocal
  • goranko
  • All magazines
    •