The absolute easiest way to securely access your server from over the internet would be to use tailscale or similar, but then you'd have to connect to the vpn service whenever you wanted to access those servers from outside your local network.
this post was submitted on 31 May 2026
23 points (89.7% liked)
Selfhosted
59572 readers
657 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
-
No low-effort posts. This is subjective and will largely be determined by the community member reports.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
founded 3 years ago
MODERATORS
I was pondering the same for last couple of days and had some thoughts on how to make it feasible. My research led me so far to 2 prerequisites:
- must have Anubis in front
- must have a WAF solution in place that covers at least OWASP Top 10
I found pretty good Caddy documentation that covers both, so I think I’ll deploy a secondary Caddy reverse proxy that’ll perform such ops for public facing services.
Of course, I currently have only 1 Caddy instance reverse proxy ing my internal services, haven’t reached the part on traffic handling when my devices are connected to the “safe network” (aka my home LAN)
I run my server on the internet, and my security is crowdsec + geo ip block (well, white-list my country's ip but same idea) and authelia.
Using this setup, I barely ever have even bots randomly pingig me, let alone anyone trying to access my NAS.
To mitigate the risks you could put the local server into its own network where it cannot reach anything else in your home.
Get you a vps and start! Or if you don't want to pay extra money host a tor service. You don't have to open ports for that.
@Kkk2237pl What are you using for a router? A good uptodate version of something like ooenwrt, a separate subnet running on a different vnet and firewall zone.
Why the vps?
Deco
@Kkk2237pl Im no expert so you know take everything with a grain of salt but for me i flash all my routers with #openwrt including #tplink stuff... Butnthat gives me everything i need.
You probably do.everything with stock firmware though
@Kkk2237pl Can I suggest that you start with something simple where as much as possible is templated - im like a broken record on this but i use #yunohost simply because heaps of people are using the same config.