I’ve been dabbling with selfhosting for a bit now (home assistant and nextcloud), but it’s clear that I lack a fundamental understanding of networking. For example:
- I’ve got OpenWRT on my router, but no idea what I’m doing when it comes to firewall settings, DNS, DHCP, etc.
- I’ve got a domain thru Porkbun, but no idea how to properly setup my DNS settings there to route to my local machine.
- I’ve got NGINX running in a docker container in a VM and can get to the UI on my local network, but no idea what I’m doing wrong with my attempts at a reverse proxy.
Does anyone here have links to a good in-depth tutorial series for learning about securely selfhosting?
You basically never want to expose your local network to the internet. The most secure and simple way are either Tailscale or WireGuard combined with a VPS that is exposed to the internet and takes all the beating.
Yeah, the primary reason people end up exposing things to the internet is because of friends and family. I can call my tech-illiterate “anything more difficult than logging into Facebook has her throwing up her hands in defeat, saying it is too hard, and tech is just too complicated these days” mother-in-law and walk her through setting up Plex… But that only works because Plex is exposed to the internet. If I had to walk her through setting up Tailscale on her living room TV before she could connect, it would be a non-starter.
This what I was trying to setup when I first started (with Nginx, domain and free tier version of Google Cloud). I wasn’t able to get it all running with Nginx and HTTPS.
I use Tailscale and Nginx Proxy Manager. Very easy to get it running. I use DNS Challenge with my Domain Provider. The Domain points to my Tailscale IP. So I don’t need to open anything.
I use a similar setup with Traefik instead of Nginx PM, and Headscale instead of Tailscale. It is almost the same kind of setup.