Hi everyone, first time posting since the Reddit went nuclear on sanity. With the advent of Lemmy, I finally got around to booting my home-server back up and stood up my own instance :)

How do you all self host stuff? I’ve been happily running Nextcloud, Home Assistant, Plex, etc locally, but none of that has been internet facing. As I’m getting back into this I want to share stuff with my friends and family and getting them all to use a VPN seems like a stretch.

Wondering if the general consensus is that it’s better to put shit on a VPS, on your own HW locally (with firewalls, safeguards, etc) or some combo of the two?

  • Wingy@lemmy.ml
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    Cloud is best for reliability, but a good option that sacrifices that reliability but keeps some security benefits is to put a reverse proxy on a VPS and connect just your servers by a VPN.

    • Nick@nickbuilds.netOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Gotcha that’s fair. Everything I’ve previously had internet facing has always been behind a reverse proxy with Let’s Encrypt, but it’s been years since I did that. I’ll look into the VPS reverse proxy option, thanks!

  • dartanjinn@lemm.ee
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    For public facing, I use Cloudflare tunnels. For VPN access from across the divide, I use tailscale and pivpn depending on use case.

    Most of my servers are hosted locally on a separate vlan and firewalled off from my internal network.

    • Nick@nickbuilds.netOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      How are those tunnels? Saw those in my dashboard last time when I was looking.

      I’ve got Wireguard set up and that’s been good and lightweight for me. Also have everything firewalled off onto it’s own VLAN with ACLs so my data is locked down. That took forever to implement but loving it so far.

      The internet facing stuff is on a completely separate box with read-only access to a pretty limited NFS share for retrieving content off the NAS :)

      • dartanjinn@lemm.ee
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        I use them a lot actually. I really like them. It’s really useful for things like vaultwarden access from any machine, anywhere. I also host a humhub instance for my mother’s bible study group and a couple informational sites behind them. It pushes all of the traffic through 443 without having to fiddle with SSL. I wouldn’t lean on it for major website without local SSL but for small use cases like mine it works great.

  • Nibodhika@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    Things that I need to be internet facing run on an actual server, most of my stuff is hosted on a laptop in my living room and I use tailscale to access it from outside the house, but I mostly consider that a plus and wouldn’t depend on it.

    • NewDataEngineer@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      I second this. I only access anything internet facing via tailscale.

      The only question I have now, is how do I let family and friends access certain services without tailscale?

      I’m thinking a vps with something like authelia in the front that tunnels into my server via tailscale.

      • Nibodhika@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        I just give them access through tailscale, but then again I don’t have many people who need access to what I host.

    • Nick@nickbuilds.netOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Gotcha, yeah this is running on a set of boxes that I’ve been using as my homelab for a few years. Some of those have graduated to homeprod and that’s where I’m getting stuck. I want to share Plex and the like with my family who are 2500 miles away.

      Definitely would setup tailscale or a VPN between the houses if I was closer. At this distance, maintenance would be a nightmare even though my dad and brothers are very tech savvy.

      • Nibodhika@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        I live in Ireland, I have family in Brazil that access my server via tailscale. It’s not the best experience, but I think it’s the best I can do with a home hosted server. Exposing stuff to the full internet is a security nightmare.

  • Outcide@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    I have a small vps and a Nuc at home.

    Vps is for things that are important enough that I want to be able to fix them if they break when im away from home (Vaultwarden, linkding, wiki, blog etc).

    Server at home is for stuff that needs lots of disk (Jellyfin, gonic, AudioBookShelf etc) and is where I screw around and try new stuff.

    Services at home are exposed to internet via cloudflare tunnels (grrr cgnat).

  • Silver Golden@lemmy.brendan.ie
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I have both a Hetzner root server (it’s nicely beefy) where I host all my public stuff (website, api’s, Lemmy instance etc) and my homelab which is more personal media (Plex, 'arrs, Gitlab, wireguard, dydns)

    The Hetzner box is configured using NixOS (config).

    Homelab is mostly configured with docker compose, though I have plans to switch over to nixos to nail down the config. I am using cloudflare for my dns and created a smol cli tool to update a record there with my public ip address (homemade dydns). This is used by Wireguard to give me access to everything hosted there. Even though everything is hidden away from the Internet I still have https on everything thanks to dns verification.

    (hastially typed up over breakfast so it may be a tad disorganised, feel free to ask any question if ye have any)

  • dotslashme@infosec.pub
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I run my self hosted stuff on a k3s cluster at home on bare metal, then use cloudflare to protect the IP and access only by VPN.