this post was submitted on 06 Feb 2024
19 points (85.2% liked)

Selfhosted

40347 readers
401 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
19
submitted 9 months ago* (last edited 9 months ago) by palitu@aussie.zone to c/selfhosted@lemmy.world
 

Hey y'all!

I am after the colelctive expertise of this fantastic community. My family and i are moving overseas for a year for a pacific adventure, which leaves my hosting setup in a bind. We will be renting out our house and i will need to move all of my 'servers' (read laptop and NAS) out.

All of my services are in docker.

My main services that i MUST keep are:

  • Immich
    • 600Gb or so
    • very important as we will be taking a HEAP of photos.
  • paperless
  • vaultwarden
  • custom location tracking service
  • radicale

I would also like to make it so that all of my media is still available, but i may need to get a set up at a friends house. I have jellyfin plus a bunch of *arr's

I was thinking a mix between at a mates house and a cloud server.

any thoughts?

edit: a lot of my services are exposed publicly, via Nginx proxy manager.

you are viewing a single comment's thread
view the rest of the comments
[–] ptz@dubvee.org 9 points 9 months ago* (last edited 9 months ago) (9 children)

Are any of your services public facing? If so, you might want to make the VPS your reverse proxy and VPN server and have your stack at your friend's house connect to the cloud server via VPN. The reverse proxy on the VPS would connect back over the VPN to the equipment at your friend's house.

This would prevent your friend from having to open ports in their router and from exposing their IP to the world (beyond their normal traffic, that is).

Plus, it would allow you to VPN-in to manage as well as have a "kill switch" should you need it (cyberattack, etc)

I would not run any of the *arrs on a network that is not yours (even if you have them routed through a VPN). It puts a liability on your friend and may eat up their bandwidth.

And definitely make sure your friend knows what they'll be hosting for you and how it may impact their network.

[–] palitu@aussie.zone 4 points 9 months ago* (last edited 9 months ago) (1 children)

Are any of your services public facing?

Yes. i think that is like a "bastion" server, or something like that. good idea. I expect that i can get more-or-less free VPS, and just run the NPM and tailscale or something there.

I would not run any of the *arrs on a network that is not yours

Good thought, i dont think i would need it whilst i am away anyway.

And definitely make sure your friend knows

yep, responsible hosting :D

thanks for the thoughts.>

[–] lemmyvore@feddit.nl 1 points 9 months ago

Well not free VPS (if you want it to be semi-reliable) but within $3-5/mo.

You don't need to run your NPM on the VPS (although it does make things easier). You can:

  • Forward the whole interface to your server and just sort things out there. Downside: all visitors will appear to have the VPS's IP.
  • Do DNAT/SNAT one the VPS to make the forwarded connections appear to have the original remote IP instead of the VPS. Downside: a bit more complicated (a few firewall rules).
  • Install a very basic nginx proxy on the VPS whose whole job is to put the original remote IP in a HTTP header, and on your server NPM use that header. Downside: you have to terminate and restart the TLS connection on the VPS.
  • Use SSH tunnels instead of VPN tunnels. A VPN forwards a whole interface, a SSH tunnel forwards a single port. You will still have to deal with the IP thing. Additional downside is that it only works for TCP, it's not worth bothering to forward UDP. But it's much simpler to set up than a VPN, basically one command (or autossh to maintain it automatically).
load more comments (7 replies)