New on LowEndTalk? Please Register and read our Community Rules.
How do you access your self hosted services (for private use)?
I’ve been looking to move away from Google and Apple services for a little while now. Seafile looks solid for replacing Google & iCloud Drive, I might run Joplin and Collabora Online too.
I was thinking I would WireGuard into my server(s) and access them from there because I’m a little concerned about making them public facing, especially since I’d like to avoid using Cloudflare, meaning no DDoS protection + exposed IP.
So how do you personally go about accessing your self hosted services, VPN or public facing?

Comments
Cloudflare zero access is a win for me.
Run everything localhost and then point DNS over the tunnel. You can set up access policies to verify Google, or even a basic auth header for API/services if you need.
Wireguard is excellent
Wireguard.
https://github.com/fosrl/pangolin if you want the opensource version of cloudflare tunnel
Realistically speaking, I doubt that anyone will DDoS some random self-hosted Seafile or Joplin instance, but I would consider risk of it being vulnerable due to not updating fast enough.
Depending on how you plan to use it, HTTP Basic Auth in front of your services might be a good idea to prevent bots from accessing your services while being able to access them even without Wireguard.
I didn’t know about Pangolin, that sounds perfect. Thanks.
Tailscale all the way
I'm using Headscale (self-hosted Tailscale), so I have barely any publicly exposed ports. I tried Pangolin but I have too many servers that I need to interconnect, so self-hosting a Tailscale coordination server works best for me (because I'm way past the Tailscale free tier).
Wireguard if you have public IP. Otherwise, tailscale/headscale or pangolin (uses newt under the hood, which is pretty much WG or can use old fashioned WG).
Tailscale to create a private network within all of my devices and servers for private use. Pangolin to expose some services for the public/friends so they don't need to mess with Tailscale.
Tailscale for me
Pretty much Tailscale + Cloudflare for me. Wireguard is nice but Tailscale really makes everything easier (and the ACLs are particularly important for me).
Cloudflare is for services I want to share with other people. I would rather not be tech support when someone messes up the Tailscale config, or doesn't turn it on and they cannot access their password manager, or something else.
I used Cloudflare Zero Access for a while but switched to Tailscale and haven't looked back. It's been perfect and lets me keep everything locked down (unless it needs to be public facing for some reason).
Tailscale / Headscale for sure. Easy enough yet secure.
I just expose everything to the public.
WireGuard and socat tunnelling UDP between 2 ports on a cheap VPS as a CGNAT bypass
Netbird
Or well... simply host it, most of them have a password
I really want to like Netbird, but their Android client is shit compared to Tailscale's. I just want to be able to switch exit nodes from my phone but they still haven't added it.
I primarily use WireGuard to access home resources, but I do have UniFi VPN as a backup. Might explore Tailscale again one day, as I had issues connecting my domain.
never used exit nodes so idk
I use CloudFlare and Tailscale, because I'm lazy.
netbird
My self hosted services are behind CG-NAT
I use a cheap 1-core/1 GB VPS, geographically located close to my place, with an OpenVPN tunnel to expose my self-hosted service for public access, and I access that via my public domain.
Thanks.
Cloudflare Tunnel for other users (I have an allowlist in Cloudflare Access) and Tailscale for my devices.
Seafile
Docker Registry
HTTP Basic Authentication and IP filters are deployed on this hostname.
qBittorrent and HTTP server for downloaded content
Port knocking and hole punching 🤪
cloudflare tunnel and access.
WireGuard is also an option, but I don’t know; if the traffic is large, it might get limited easily as it is based on UDP.
Pritunl + WireGuard.
Tailscale, CloudFlare and Frp. Works like a charm, always.
Nginx proxy manager + cloudflare + domain. Works great and no need to open ports.