this post was submitted on 13 Nov 2023
3 points (100.0% liked)

Self-Hosted Main


One perk that someone told me about is that you can use your domain to get around not having a static IP (because the DNS will compensate).

If I were to get a Cloudflare domain name then what would be some other pros and cons?

top 38 comments
[–] [email protected] 3 points 1 year ago (2 children)

> One perk that someone told me about is that you can use your domain to get around not having a static IP (because the DNS will compensate).

No, this won't really help you with that. A domain name ('A' record in a DNS provider such as Cloudflare) is simply a pointer to an IP address. If you configure this with a non-static address (e.g. your public IP provided by your ISP) then this will at some point change and therefore no longer resolve. You would then need to manually update the IP in the DNS record each time.

There are services you can run locally to automate this update (check on your router) called Dynamic DNS. DDNS will basically call a configured endpoint to automate the change.

> If I were to get a Cloudflare domain name then what would be some other pros and cons?

Personally I set up an A record to point my domain `mydomain.com` to a local IP (19.168.1.x) which is running NGINX proxy manager. With a wildcard CNAME such as `*.mydomain.com` I can add all my local services in NPM with valid letsencrypt certificates.

Now I never need to use IPs/ports as I can:

- Access all my local services via valid SSL certs

- Manage them in a single place (NGINX proxy manager)

- Use nice looking URLs using subdomains (e.g. `https://router.mydomain.com`)

- Same with email addresses. I can use `[email protected]` - which I have configured in Cloudflare to forward to my primary gmail account (Just add a `MX` entry).
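The "DDNS calls a configured endpoint" step from the comment above, as an added Python example (not code from the thread or from Cloudflare): it compares the observed public IP with the A/AAAA record Cloudflare returned and PATCHes the record through the Cloudflare v4 API only when it changed. The zone id, record id and token are placeholders, the sample record is constructed, and the LAN-address guard is an assumption of mine, not something the comment describes.

```python
import ipaddress
import json
import urllib.request
from typing import Optional

CF_API = "https://api.cloudflare.com/client/v4"

# Addresses that must never be published as the home's public IP: if the
# public-IP lookup fails or answers from the LAN side, we would otherwise
# overwrite a good record with an unreachable one.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]

def is_lan_address(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LAN_NETS)

def plan_update(record: dict, observed_ip: str) -> Optional[dict]:
    """Return the PATCH body for a Cloudflare A/AAAA record, or None if it
    already matches. `record` is the JSON object Cloudflare returns for a DNS
    record (fields used here: type, name, content, ttl, proxied)."""
    if is_lan_address(observed_ip):
        raise ValueError(f"refusing to publish LAN address {observed_ip}")
    addr = ipaddress.ip_address(observed_ip)
    want_type = "AAAA" if addr.version == 6 else "A"
    if record["type"] != want_type:
        raise ValueError(f"{record['name']} is an {record['type']} record")
    if ipaddress.ip_address(record["content"]) == addr:
        return None                      # nothing changed; skip the API call
    return {"type": want_type, "name": record["name"], "content": str(addr),
            "ttl": record.get("ttl", 1), "proxied": record.get("proxied", False)}

def apply_update(zone_id: str, record: dict, observed_ip: str, token: str) -> bool:
    """PATCH the record through the Cloudflare v4 API. `token` should be an
    API token scoped to DNS:Edit on this one zone, not the global API key."""
    body = plan_update(record, observed_ip)
    if body is None:
        return False
    req = urllib.request.Request(
        f"{CF_API}/zones/{zone_id}/dns_records/{record['id']}",
        data=json.dumps(body).encode(), method="PATCH",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return bool(json.load(resp)["success"])

# Constructed sample of what GET /zones/{zone}/dns_records returns for one record.
SAMPLE_RECORD = {"id": "RECORD_ID_PLACEHOLDER", "type": "A", "name": "home.mydomain.com",
                 "content": "203.0.113.7", "ttl": 120, "proxied": False}
```

Run `apply_update(...)` from cron every few minutes with the current public address; because unchanged addresses return early, it stays within API rate limits and produces no audit-log noise.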

[–] [email protected] 1 points 1 year ago

You can auto-update your IP on Cloudflare with a docker container. I'm sure they have an app.

[–] [email protected] 1 points 1 year ago

I have the same setup except I'm using dynv6. Is there a guide I can follow to set this up?

[–] [email protected] 2 points 1 year ago (3 children)

One benefit for me that wasn't immediately apparent is a custom email. Paired with something like proton mail and simple login, I turned it into a catch-all.

It's fantastic. Company asks for an email, sure. [email protected]. Now, I can sort anything that arrives to walmart@ right into the spam box. Doesn't matter what address they'd send it from.

Fucking. Brilliant.

[–] [email protected] 1 points 1 year ago (1 children)

This. I've done this since 2003 (when I got my first custom domain + email) and I've discovered several forums, services and companies that have either sold their databases or (most probably) got hacked and never made it public.

Pro-tip: If you are going to give out the address face to face, they might not trust you or not understand when you tell them that your email address is [email protected]. I even had a store blatantly refusing to type that into their system. So, I started using ROT-13 to encode the company/service name, and just telling them the address is [email protected]. Nobody has ever asked why my email address was so unpronounceable.

[–] [email protected] 1 points 1 year ago

I usually get "oh, do you work for...".

No, it's just my spam filter.

"Why?"

"Because I have strict rules where if the sender and recipient don't match, it gets deleted and I'll never see it."

And then there's the ones that are like "check your spam folder"...

"I don't have a spam folder, because every company has their own email address, so I either get it or I don't, depending on YOUR system and whether it works properly".

True or not, "technical jargon" doesn't really get questioned after a certain point.

[–] [email protected] 1 points 1 year ago (1 children)

I miss the days when you could just do [email protected] when signing up on a website, but now everyone either outright rejects it as invalid or parses it out.

It was useful because you could see who was selling your email address, but that exposed too many companies and was losing them $$$ so they patched it :(

[–] [email protected] 1 points 1 year ago

See, I keep reading that. Idk for sure if it's because I use a custom domain, but no company has rejected me yet. Closest I got was a, "Is this a real email address?" "Yes" "That's so cool! How is your email [email protected]?"

[–] [email protected] 1 points 1 year ago (1 children)

Does this work with Google Workspace/gmail? And how do you do it? If you're at some new store, say hshsb, do you create the email before you go or while you're there?

[–] [email protected] 1 points 1 year ago

You can point simple login to your existing Gmail account, sure. Simplelogin is a paid service.

[–] [email protected] 2 points 1 year ago

It's pretty sick. I got all my home services SSL terminated with subdomains that aren't resolvable outside my network. I configured nice ULA addresses doled out by my dhcp6 by modifying the ipv6 RA to solicit managed ipv6 dhcp and send updates to named, so even my apple devices can reach out to them (apple devices tend to fall back to external DNS if AAAA dns records aren't found).

[–] [email protected] 2 points 1 year ago (3 children)

You'd need to implement Dynamic DNS to update the records. DNS alone won't do that.

[–] [email protected] 1 points 1 year ago (1 children)

There are docker containers that auto update cloudflare a records for dynamic IP.

[–] [email protected] 1 points 1 year ago

Is there a guide I can follow? Currently I'm using dynv6 and have a bash script that updates my ipv6 every 10 mins or so.

[–] [email protected] 1 points 1 year ago

Correct. I used NOIP for years until I realized that 1) my IP address is static and 2) my home IP address was being exposed. (Pretty obvious I know but sometimes I am slow on the uptake 😃)

My solution was to get a $5 per month vps and reverse proxy and reverse ssh tunnels.

The $5 / month VPS ($60/year) was pretty much the cost of NOIP per year to use custom domains.

[–] [email protected] 1 points 1 year ago (2 children)

Might as well use a Cloudflare tunnel.

[–] [email protected] 1 points 1 year ago

Yeah, Cloudflare tunnel takes care of the dynamic DNS. It has limitations, which is why I switched to Caddy and Nginx, but Cloudflare is relatively easy to set up for n00bs and I highly recommend it.

[–] [email protected] 1 points 1 year ago

Adds latency and now Cloudflare sees all your traffic

[–] [email protected] 2 points 1 year ago (4 children)

  • good-looking domains instead of IPs
  • tons of subdomains instead of ports
  • universally recognized TLS certs via Let's Encrypt. DNS challenges are the way to go - you don't even have to expose your HTTP server
  • dynamic DNS, again available via API
  • [email protected] (better not to self-host, but to use an email provider)

[–] [email protected] 1 points 1 year ago (1 children)

> tons of subdomains instead of ports

Just to be clear for OP, that applies only for protocols that "support DNS" as in, they send the DNS in the protocol.

The one I have in mind: http(s) and emails.

Games, FTP and most of the protocols don't.

[–] [email protected] 1 points 1 year ago (1 children)

Still a bit wrong. You can use things like Portzilla and make it so that certain subdomains are for certain game servers.

[–] [email protected] 1 points 1 year ago

Hum, then I am missing something, because portzilla is just a reverse proxy by the look of it.

This means:

  • you need to use http (games and ftp don't)

Or

  • you have multiple IPs (one per sub domain if I want to go with the examples from portzilla).

I assumed OP was in IPV4 and only has one IP.

Just to be sure from my other assumptions (kinda ELI5)

  • DNS doesn't exist on the transport layer. It is converted to an IP and your computer just tries to connect to that IP. So whatever DNS you use, if they point to the same IP you have no way to distinguish which "DNS" they wanted to go to.

This is how networking works. Only with IP, no DNS.

  • some applications (http) added support for DNS. When the user types a DNS, even if your computer still uses IP to reach the server, the browser will introduce itself by telling the server the DNS it tried to reach.

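The distinction made above is what lets a reverse proxy route HTTP and TLS by name but not a raw game or FTP stream. As an added Python illustration (not code from the thread or from Portzilla), the block below pulls the name out of the two places it actually travels, the HTTP `Host` header and the TLS `server_name` (SNI) extension, and returns nothing for a constructed name-less packet; the ClientHello is generated in memory by Python's own `ssl` module so nothing touches the network.

```python
import ssl
import struct
from typing import Optional

def http_host(request: bytes) -> Optional[str]:
    """Return the Host header of a plaintext HTTP/1.x request, or None."""
    head = request.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            return value.strip().decode("ascii", "replace")
    return None

def tls_sni(client_hello: bytes) -> Optional[str]:
    """Return the server_name from a TLS ClientHello record, or None."""
    if len(client_hello) < 9 or client_hello[0] != 0x16 or client_hello[5] != 0x01:
        return None                               # not a handshake/ClientHello record
    pos = 9 + 2 + 32                              # record hdr, handshake hdr, version, random
    pos += 1 + client_hello[pos]                  # session id
    pos += 2 + struct.unpack_from("!H", client_hello, pos)[0]   # cipher suites
    pos += 1 + client_hello[pos]                  # compression methods
    if pos + 2 > len(client_hello):
        return None
    ext_end = pos + 2 + struct.unpack_from("!H", client_hello, pos)[0]
    pos += 2
    while pos + 4 <= ext_end:
        ext_type, ext_len = struct.unpack_from("!HH", client_hello, pos)
        pos += 4
        if ext_type == 0:                         # server_name: list len, type, name len, name
            name_len = struct.unpack_from("!H", client_hello, pos + 3)[0]
            return client_hello[pos + 5: pos + 5 + name_len].decode("ascii", "replace")
        pos += ext_len
    return None

def capture_client_hello(hostname: str) -> bytes:
    """Run the first handshake step in memory and return the bytes the client sends."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    conn = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:                  # ClientHello written, waiting for server
        pass
    return outgoing.read()

HTTP_REQ = b"GET / HTTP/1.1\r\nHost: router.mydomain.com\r\n\r\n"
GAME_PKT = b"\x01\x00\x2a" + b"\x00" * 13         # constructed: a raw, name-less game packet
```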
[–] [email protected] 1 points 1 year ago

> universally recognized TLS certs via Let's Encrypt. DNS challenges are the way to go - you don't even have to expose your HTTP server

Just a note, as we've had this discussion before: DNS ACME challenges will publish the FQDN of every service you encrypt to a public record, which some sites will scrape up. Just in case this bothers some people.

[–] [email protected] 1 points 1 year ago (1 children)

> universally recognized TLS certs via Let's Encrypt. DNS challenges are the way to go - you don't even have to expose your HTTP server

I use DNS challenges for mine as well, but I have been manually renewing my cert every time. Is there a way to automate letsencrypt/certbot renewal when you use DNS challenges?

[–] [email protected] 1 points 1 year ago

can recommend acme.sh if on Linux

[–] [email protected] 1 points 1 year ago (4 children)

Wanted to expand on your custom domain for an email since this is something I do to get a more professional email address to put on my resume. A lot of DNS services like Cloudflare or NameCheap will actually let you create email addresses off of your custom domain that will just forward to a different email of your choosing, and generally free or very very cheap as well. If you want to be able to actually send emails from your custom domain, you can setup a Google Workspace account with a single seat for $5 a month and have a fully hosted email solution that uses your custom domain name.

[–] [email protected] 1 points 1 year ago (1 children)

Can also do this with iCloud+ for 99 cents a month.

[–] [email protected] 1 points 1 year ago

Proton mail will let you do wildcard email and it's only $3-4 a month. If you need smtp support then you can just setup a hydroxide container.

[–] [email protected] 1 points 1 year ago (1 children)

Better to use Zoho. Zoho Mail provides you 5 custom emails for free and ZeptoMail allows you to send k emails for 1 dollar.

[–] [email protected] 1 points 1 year ago

When I used Zoho Free, many of my emails would end up in people's spam folders. My domain is certainly not on any blacklist, it was pointed correctly and with the security and domain validation features enabled and everything configured properly. Deployed it to small business clients as well and same result.

Gmail doesn't seem to like Zoho.

What seemed to work like a charm was to use iCloud+ Custom Email and just add my custom domain addresses as aliases on Gmail. It's like having a custom domain Google Workspace without paying anything (apart from the iCloud subscription that gives you a ton of space for all your data).

[–] [email protected] 1 points 1 year ago

> more professional email address

Does it even work?

[–] [email protected] 1 points 1 year ago

Subdomains for easy external access to local web apps.

[–] [email protected] 1 points 1 year ago

Cloudflare tunnels so I don't have to open any port in my network. You can do this even with the Cloudflare free tier. And the byproduct is free DNS for your domain name. I actually moved to Cloudflare because DNS was getting too expensive with my domain name provider.

[–] [email protected] 1 points 1 year ago

If you have dyn, just use dyn. Some people don't want to pay.

[–] [email protected] 1 points 1 year ago

One thing that wasn’t mentioned: I can use *.internal.domain.com and not have that routed on public DNS (using my own DNS with pihole + unbound or adguard). Of course still valid certificate for that domain.

It feels good using a domain name I can type, and secondly *.domain.com IS publicly routed, meaning all external services go there. The internal stuff I can only access via Tailscale (which automatically uses my dns).

[–] [email protected] 1 points 1 year ago

I've recently set up hard coded local entries for router.domain and nas.domain but not got around to adding printer.domain yet. In theory it is quite possible to define static DHCP entries for a bunch of different containers with bridged network interfaces then add entries for individual services like filemanager.domain and mediastreamer.domain and downloader.domain and cctv.domain etc.

[–] [email protected] 1 points 1 year ago

I get to see who verifies email addresses correctly with my @example.blue email addresses. Most people get it with minimal correction, but even Apple doesn't programmatically do it correctly.