New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
How do you access your self hosted services (for private use)?
I’ve been looking to move away from Google and Apple services for a little while now. Seafile looks solid for replacing Google & iCloud Drive, I might run Joplin and Collabora Online too.
I was thinking I would WireGuard into my server(s) and access them from there because I’m a little concerned about making them public facing especially since I’d like not to avoid using Cloudflare, meaning no DDoS protection + exposed IP.
So how do you personally go about accessing your self hosted services, VPN or public facing?
Comments
Cloudflare zero access is a win for me.
Run everything localhost and then point dns over the tunnel. You can setup access policies to verify google, or even a basic auth header for api/services if you need.
Wireguard is excellent
Wireguard.
https://github.com/fosrl/pangolin if you want the opensource version of cloudflare tunnel
Realistically speaking, I doubt that anyone will DDoS some random self-hosted Seafile or Joplin instance, but I would consider risk of it being vulnerable due to not updating fast enough.
Depending on how you plan to use it, HTTP Basic Auth in front of your services might be a good idea to prevent bots from accessing your services while being able to access them even without Wireguard.
I didn’t know about Pangolin, that sounds perfect. Thanks.
Tailscale all the way
I'm using Headscale, (self-hosted Tailscale), so I have barely any publicly exposed ports. I tried Pangolin but I have too many servers that I need to interconnect, so self-hosting a Tailscale coordination server works best for me, (because I'm way past the Tailscale free-tier).
Wireguard if you have public IP. Otherwise, tailscale/headscale or pangolin (uses newt under the hood, which is pretty much WG or can use old fashioned WG).
tailscale to create private network within all of my devices and servers for private use. Pangolin to expose some service for public/friend so they don't need to mess with tailscale.
Tailscale for me
Pretty much Tailscale + Cloudflare for me. Wireguard is nice but Tailscale really makes everything easier (and the ACLs are particularly important for me).
Cloudflare is for services I want to share with other people. I would rather not be tech support when someone messes up the Tailscale config, or doesn't turn it on and they cannot access their password manager, or something else.
I used Cloudflare Zero Access for awhile but switched to Tailscale and haven't looked back. It's been perfect and lets me keep everything locked down (unless it needs to be public facing for some reason).
tailscale / headscale for sure. easy enough yet secure.
I just expose everything to public..
WireGuard and socat tunnelling udp between 2 ports on a cheap vps as a cgnat bypass
Netbird
Or well... simple host it, most of them have a password
I really want to like Netbird, but their Android client is shit compared to Tailscale's. I just want to be able to switch exit nodes from my phone but they still haven't added it.
I primary use wireguard to access home resources. but i do have unifi vpn as a backup. might explore tailscale one day again as i had issues connecting my domain
never used exit nodes so idk
I use CloudFlare and Tailscale, because I'm lazy.
netbird
My self hosted services are behind CG-NAT
I use a cheap, but geographically located close to my place, 1core/1gb VPS with OpenVPN tunnel to expose my self hosted service outside for public access and access that via my public domain.
Thanks.
Cloudflare Tunnel for other users (I have an allowlist in Cloudflare Access) and Tailscale for my devices.
Seafile
Docker Registry
HTTP Basic Authentication and IP filters are deployed on this hostname.
qBittorrent and HTTP server for downloaded content
Port knocking and hole punching 🤪
cloudflare tunnel and access.
wireguard is also an option, but i don’t know if the traffic is large, it might got limited easily as it based on udp
Pritunl + WireGuard.
Tailscale, CloudFlare and Frp. Works like a charm, always.
Nginx proxy manager + cloudflare + domain. Works great and no need to open ports.