I’ve been dabbling with selfhosting for a bit now, but it’s clear that I lack a fundamental understanding of networking. For example:

  • I’ve got OpenWRT on my router, but no idea what I’m doing when it comes to firewall settings, DNS, DHCP, etc.
  • I’ve got a domain thru Porkbun, but no idea how to properly set up my DNS settings there to route to my local machine.
  • I’ve got NGINX running in a docker container in a VM and can get to the UI on my local network, but no idea what I’m doing wrong with my attempts at a reverse proxy.

Does anyone here have links to a good in-depth tutorial series for learning about securely selfhosting?

  • Alphane Moon@lemmy.world

    I am relatively sophisticated on LAN/local services (been running Raspberry Pi since 2018 or so), but I was never able to set up a reverse proxy to get a true self-hosted system (i.e. remote access); got roadblocked by nginx and setting up letsencrypt on my domain.

    In general, true remote access is IMO exponentially more difficult and demanding.

    For anyone starting out with self-hosting, I would strongly recommend LAN/local services, and you can relatively easily run multiple very useful and powerful services (SMB/NAS, Jellyfin, Pi-hole, Qbittorrent-Nox).

    I would suggest looking into DietPi; it’s IMO the best RaspberryPi/SBC distribution there is if you want things to just work and not bug you. Very helpful developers and community too.

    • Derpgon@programming.dev

      You basically never want to expose your local network to the internet. The most secure and simple ways are either Tailscale or WireGuard combined with a VPS that is exposed to the internet and takes all the beating.

      • mic_check_one_two@lemmy.dbzer0.com

        Yeah, the primary reason people end up exposing things to the internet is because of friends and family. I can call my mother-in-law and walk her through setting up Plex, but that only works because Plex is exposed to the internet. If I had to walk her through setting up Tailscale on her living room TV before she could connect, it would be a non-starter.

      • Alphane Moon@lemmy.world

        This is what I was trying to set up when I first started (with Nginx, domain and free tier version of Google Cloud). I wasn’t able to get it all running with Nginx and HTTPS.

        • LycaKnight@infosec.pub

          I use Tailscale and Nginx Proxy Manager. Very easy to get it running. I use DNS Challenge with my Domain Provider. The Domain points to my Tailscale IP. So I don’t need to open anything.

          • Derpgon@programming.dev

            I use a similar setup with Traefik instead of Nginx PM, and Headscale instead of Tailscale. It is almost the same kind of setup.
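
The setup LycaKnight describes above (domain pointing at a Tailscale IP, certificate issued via DNS challenge) can be sanity-checked with a short script. This is an added example, not part of the thread; the hostnames, addresses and function names are constructed for illustration. It classifies where each DNS record points and shows why only the DNS-01 challenge can succeed for names that resolve to tailnet or LAN addresses.

```python
import ipaddress

# Tailscale hands out node addresses from 100.64.0.0/10 (CGNAT space) and
# fd7a:115c:a1e0::/48; neither is routable from the public internet.
TAILNET = [ipaddress.ip_network(n) for n in ("100.64.0.0/10", "fd7a:115c:a1e0::/48")]
LAN = [ipaddress.ip_network(n) for n in
       ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "fc00::/7")]


def scope(addr):
    """Return 'tailnet', 'lan' or 'public' for one address string."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in TAILNET):  # checked first: the v6 prefix is also ULA
        return "tailnet"
    if any(ip in net for net in LAN):
        return "lan"
    return "public"


def audit(records):
    """Map each hostname to (exposure, usable ACME challenge types)."""
    report = {}
    for host, addrs in records.items():
        scopes = {scope(a) for a in addrs}
        if "public" in scopes:
            # Reachable from the internet, so HTTP-01 validation can connect.
            report[host] = ("internet-facing", "http-01 or dns-01")
        else:
            # The CA cannot connect to these addresses; only the DNS challenge
            # (a TXT record at _acme-challenge.<host>) can be validated.
            label = "+".join(sorted(scopes)) + "-only" if scopes else "no-address"
            report[host] = (label, "dns-01")
    return report


def challenge_record(host):
    """Name of the TXT record that the DNS-01 challenge validates."""
    return "_acme-challenge." + (host[2:] if host.startswith("*.") else host)


# Constructed sample records. 203.0.113.10 is a documentation-range address
# standing in for a real public IP.
SAMPLE = {
    "jellyfin.example.net": ["100.101.102.103"],
    "nas.example.net": ["192.168.1.20", "fd7a:115c:a1e0::1234"],
    "plex.example.net": ["203.0.113.10", "100.101.102.103"],
}

if __name__ == "__main__":
    for host, (exposure, challenge) in audit(SAMPLE).items():
        print(f"{host:22} {exposure:17} {challenge:18} {challenge_record(host)}")
```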