this post was submitted on 27 Jan 2025
446 points (98.3% liked)

Selfhosted


A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.


Just exposed Immich via a remote and reverse proxy using Caddy and tailscale tunnel. I'm securing Immich using OAuth.

I don't have very nerdy friends so not many people appreciate this.

(page 2) 46 comments
[–] [email protected] 2 points 1 week ago (1 children)

Wow, so my understanding of the terms 'reverse proxy' and Tailscale must be wrong then, because I thought they were mutually exclusive. I'll go do some more research, unless someone feels like explaining how you can do both at the same time.

Also, I think the 'Risks' section of this page is informative:

https://en.m.wikipedia.org/wiki/Reverse_proxy

[–] [email protected] 2 points 1 week ago

I think self-hosting the proxy with the services at hobbyist scale mitigates most of the security risks. The single point of failure risk is another matter. I once had to effectively reverse-hack my services by uploading a Jenkins test job through an existing Java project to regain access. Ever since then, I maintain a separate DDNS address that's just used for emergency SSH access.

[–] [email protected] 2 points 1 week ago

I know that feeling! My first service hosted via Docker + Traefik outside my LAN with a WireGuard tunnel felt like a big dopamine hit! Congrats!

Now I have over 20 services and it feels trivial :( I still love the easy to read/write syntax of Traefik, however I feel like I'm missing a lot of important networking knowledge while avoiding Nginx!

Maybe one day when I'm too bored I will switch everything to Nginx, see how it goes!

[–] [email protected] 2 points 1 week ago

Congrats! I just pulled off the same thing last week using Cloudflare tunneling? The phrase “reverse proxy” scared me too much lol. So props to you.

[–] [email protected] 2 points 1 week ago

I just got this set up last week too. Same setup with Caddy on a free Oracle VPS, Tailscale on the VPS and home pfSense router, Tailscale on pfSense advertising routes (private IPs of my Docker-hosted services).

CGNAT sucks 🤮
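The VPS side of the setup described above, written out as an added example (this is not the commenter's own configuration). The hostname `photos.example.com`, the LAN address `192.168.1.20` reached through the pfSense subnet router over Tailscale, and the Immich port `2283` are assumed placeholders; check the port against your own Immich compose file. The upstream is only reachable over the tailnet, so the only thing listening on the public VPS is Caddy, and the access log gives fail2ban something to read:

```caddyfile
# Assumed public hostname; Caddy obtains and renews the TLS certificate itself.
photos.example.com {
    # Upstream is the home Docker host on its LAN address, reachable from the VPS
    # only because pfSense advertises 192.168.1.0/24 into the tailnet (assumed values).
    reverse_proxy 192.168.1.20:2283

    # Write an access log so fail2ban (or a human) can see who is hitting the proxy.
    log {
        output file /var/log/caddy/photos.access.log
    }

    # Some defensive headers; Immich's own OAuth login still gates the app itself.
    header {
        Strict-Transport-Security "max-age=31536000"
        X-Content-Type-Options "nosniff"
        Referrer-Policy "strict-origin-when-cross-origin"
    }
}
```

Caddy forwards the client address in `X-Forwarded-For` by default, so Immich and the access log see the real remote IP rather than the proxy's; if the upstream were the Docker host's Tailscale IP instead of a routed LAN address, only the `reverse_proxy` target would change.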

[–] [email protected] 2 points 1 week ago (6 children)

Tailscale?

Is this setup advisable for the CGNATED environment?

[–] [email protected] 3 points 1 week ago (1 children)

You will need a VPS as your other endpoint

[–] [email protected] 1 points 1 week ago

Ah, I figured... I used to do this with WireGuard instead of Tailscale.

[–] [email protected] 2 points 1 week ago* (last edited 1 week ago)

Just be sure to read up on network security and set yourself up for success! Even tunnels can still be an attack surface. Always keep everything up to date! And plan for the worst case.

[–] [email protected] 2 points 1 week ago

me too like last week!!! yay us!!

haven't gotten OAuth going yet but soon

[–] ZebraGoose 2 points 1 week ago

Nice work! 😎

[–] [email protected] 1 points 1 week ago* (last edited 1 week ago)

Quick, now lean a firewall with a good IDS

and fail2ban

[–] [email protected] 1 points 1 week ago (2 children)

I've been wanting to do something similar, but with Authentik. Does anyone know a good guide on this?

[–] [email protected] 2 points 1 week ago

Yes! Authentik is a great self-hosted OAuth platform. They actually publish integration guides in their documentation.
Integrate with Immich

[–] [email protected] 1 points 1 week ago

There is an official guide by Authentik on how to integrate with Immich. There is an official guide by Immich on how to integrate with Authentik.
