this post was submitted on 13 Aug 2023
72 points (96.2% liked)

Selfhosted

40347 readers
565 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

Right now I’ve been using Tailscale because it automatically adapts to my network conditions. If I’m at home, it’ll prioritize local network connection, but when I’m out and about, it’ll automatically beam a direct connection or use a relay.

One gripe I have about it is I can’t run it alongside my normal VPNs on my mobile devices. I have to choose between one or the other.

I have tried Cloudflare Tunnel before, but using it for streaming, like Jellyfin, is forbidden. There’s also the added latency and slowness to having to hop through multiple DCs to reach Cloudflare and back.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 1 year ago

Currently I have a bastion host running a hardened distro, which establishes a reverse proxy tunnel to its ssh port via my $4/mo VPS using rathole, an excellent reverse proxy utility I switched to from frp.

I also maintain a Tor hidden service pointed at the bastion host's ssh port and another on a different internal host. These are so that I can still get in if the bastion host, my VPS, or certain aspects of networking are down for some reason.

Eventually I will implement port knocking / single packet authorization by deploying fwknop on some or all of these services to further enhance security.