this post was submitted on 11 Jun 2026
24 points (90.0% liked)


I recently found out that you can get up to 3 free .eu.cc domains from GNAME, which also claims that you can renew for free when it's within 90 days of expiring. So I got one to check it out.

Obviously, the next step is making one of my local machines act as the target destination for any queries to the address, so it becomes accessible for the wider web. I'm not entirely sure, however, what to configure on GNAME (there's the option to set up A and AAAA records, which I suppose I should just point to my IP, but there's also CNAME, TXT, NS, SRV) and what configurations/programs my local server (rPi 3) needs to have running besides a webserver (Apache2 or Nginx).

My intent is to have it run a single-user fediverse server, possibly friendica, as it seems to have the best support for seeing all sorts of APub posts. If that proves too heavy for my old pi, I'll try one of the lightweight APub alternatives

I know I'll also need to do some configurations on my router, so I'd appreciate help on this, too.

top 19 comments
[–] lemmyvore@feddit.nl 2 points 3 hours ago (1 children)

First of all I would suggest getting your own domain. There's many TLDs and ccTLDs that will let you get a domain for $10/year or much less.

If you don't want to pay then at least get a subdomain from somewhere reliable. Preferably a DNS service because you also get DNS management this way. My recommendation is DeSEC because it's a German, privacy-oriented non-profit and it has a modern interface and modern features like an API, security tokens, support for recent record types, DNSSEC etc. And if you later decide to get a paid domain you can keep using DeSEC for it very easily.

Secondly, does your fediverse single-user server really need to be exposed to the internet to get updates? Can't it pull them from other servers? That way you would reduce your risk a lot.

[–] ICastFist@programming.dev 1 points 1 hour ago (1 children)

> First of all I would suggest getting your own domain.

Isn't this what I just did? mydomain.eu.cc Even if I can't get it to renew for free next year, the experience of setting stuff up should be worth it.

> really need to be exposed to the internet to get updates?

From my limited understanding of APub, it needs to be exposed/findable in order to send updates and for my user@server to show up. I'll be reading https://www.w3.org/TR/activitypub/#server-to-server-interactions to know better

> Can’t it pull them from other servers?

Tunnel through an existing server? Or what, exactly? Wouldn't connecting through an existing fedi server also enforce its blocklist down to me?

[–] lemmyvore@feddit.nl 1 points 25 minutes ago

> Isn't this what I just did? mydomain.eu.cc

I mean the second part from the end (.eu.). That's not yours, and that means that the mydomain. part can disappear at any time. The owner can also do all kinds of unpleasant things that can affect your online presence.

By "your own" domain I mean getting something of your own in that 2nd spot instead of "eu". It doesn't have to be on the .cc registry, it can be any established TLD like .com, .net, .org, it can be a country TLD aka ccTLD like .cc, .nl, .de and so on, or it can be a so-called "novelty" domain like .dev.

Having your own domain means you can own it in perpetuity (well... old, established TLDs are better at this than novelty TLDs) and have much better control over it.

Visit a domain registrar like Porkbun and have a look through their TLDs, check some prices, the privacy of your personal data etc.

Avoid registries that allow "premium" domains, it means that the registry can suddenly decide that the domain you own is very cool and force you to pay hundreds or thousands for the next renewal or lose it.

> Wouldn't connecting through an existing fedi server also enforce its blocklist down to me?

I'm not entirely sure on how you propose to use your server: if you just want to read stuff or also want to be able to post.

Your server can do things with another server in two ways, by exposing an open port and allowing the other server to do stuff locally through that port, or by connecting to a port opened on the other server and doing stuff there.

If the fediverse protocol mandates having a local port open to do stuff like posting, it may be impossible to avoid doing it.

[–] Cyber@feddit.uk 6 points 7 hours ago (2 children)

Kinda overlapping other replies, but to answer your question:

A = your external IPv4 address

The rest could be empty

AAAA = an external IPv6 address
NS = a DNS server
MX = Mail Server

TXT is just text, but it can be used by, i.e. Let's Encrypt to prove you own that domain for your SSL certificate

If you open TCP 80 / 443 on the open internet EVERYONE will probe you, but you want to run a Friendica server, so you kinda need that (disclaimer: I do not know how Friendica is set up)

So, you'll need something (firewall, Fail2Ban, etc) to protect your server whilst also allowing it to federate to other servers.

I'd strongly suggest you put your server on a VPS with a provider that has some level of defense already set up for you.

I wouldn't run this in your home network without putting it into a DMZ of some kind.

[–] Brewchin@lemmy.world 5 points 3 hours ago

If you're not using a domain for email, the MX record should not be left empty, as it can still be used maliciously.

Following a guide like this (it's one of many) will ensure it's not used at all:

https://www.mailhardener.com/kb/hardening-unused-domains
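An added example, not part of the comment above and not code from the linked guide: a check over a constructed record set for the three records commonly published to mark a domain as sending and receiving no mail (the null MX `0 .` from RFC 7505, an SPF record of `v=spf1 -all`, and a DMARC policy of `p=reject`). The domain name, the addresses and the function names are placeholders chosen for the illustration.

```python
# Constructed zone data for a placeholder domain: (name, type) -> list of values.
SAMPLE_ZONE = {
    ("example.com", "A"): ["203.0.113.10"],
    ("example.com", "MX"): ["0 ."],                      # null MX: accepts no mail
    ("example.com", "TXT"): ["v=spf1 -all"],             # SPF: nobody may send
    ("_dmarc.example.com", "TXT"): ["v=DMARC1; p=reject;"],
}

def parse_tags(txt):
    """Split a 'k=v; k=v' record (DMARC syntax) into a lower-cased dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    return tags

def no_mail_findings(zone, domain):
    """Return a list of problems; an empty list means the domain is marked no-mail."""
    findings = []
    mx = [" ".join(v.split()) for v in zone.get((domain, "MX"), [])]
    if not mx:
        # Without any MX, SMTP senders fall back to the A/AAAA address.
        findings.append("no MX record: mail falls back to the A/AAAA address")
    elif mx != ["0 ."]:
        findings.append("MX is not the null MX '0 .'")

    txt = zone.get((domain, "TXT"), [])
    spf = [t for t in txt if t.lower().startswith("v=spf1")]
    if len(spf) != 1:
        findings.append("expected exactly one SPF record, found %d" % len(spf))
    elif spf[0].lower().split() != ["v=spf1", "-all"]:
        findings.append("SPF authorises a sender or does not hard-fail with -all")

    dmarc = [t for t in zone.get(("_dmarc." + domain, "TXT"), [])
             if t.lower().startswith("v=dmarc1")]
    if len(dmarc) != 1:
        findings.append("expected exactly one DMARC record, found %d" % len(dmarc))
    elif parse_tags(dmarc[0]).get("p") != "reject":
        findings.append("DMARC policy is not p=reject")
    return findings

if __name__ == "__main__":
    print(no_mail_findings(SAMPLE_ZONE, "example.com") or "hardened for no mail")
```
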

[–] lemmyvore@feddit.nl 4 points 3 hours ago

Should probably note that "DMZ" in this context means a separate VLAN. Because the term is also commonly used to mean "DMZ host" where a router exposes a machine directly to the Internet. You want the former, not the latter.

But, more to the point, a beginner really shouldn't be exposing anything to the Internet. 🙂 Running a public service as a person who doesn't know how domains work will not end well.

[–] Oha@lemmy.ohaa.xyz 6 points 7 hours ago (1 children)

Point the AAAA/A records to your corresponding IPs and allow incoming traffic on port 443, 80 on your firewall. You may also need to set up a dyndns client if your ISP changes your IPv4 frequently.

[–] ICastFist@programming.dev 1 points 1 hour ago

Yeah, I'll need to set that dyndns, my IP4 isn't fixed. Haven't checked the IP6 tho, might try it later today - leaving the router turned off for some 10 minutes, then turning it back on will give me the answer

[–] helix@feddit.org 6 points 8 hours ago (2 children)

Don't run services like these on a free domain. Get a very cheap domain from almost any provider. These free ones often try to get you to buy their domain name for outrageous prices with tricks and footnotes.

[–] ICastFist@programming.dev 3 points 1 hour ago

"premium" .eu.cc domains go for 10 dollars from them. The ones they let people have for free are less than 2 USD for registration and yearly renewal. I'm willing to lose these domains if they try to charge for it

[–] non_burglar@lemmy.world 2 points 7 hours ago (1 children)

Just live with a terrible name and it will keep being free. I've had my mooo.com subdomains for years.

[–] riccardo@lemmy.ml 5 points 4 hours ago* (last edited 4 hours ago) (1 children)

that is actually not terrible at all ^

[–] lemmyvore@feddit.nl 4 points 3 hours ago

Worth noting that FreeDNS domains can be a mixed bag. Anybody can add or remove the base domains at any time because they're lent freely. The owner can also arbitrarily decide to delete your subdomain, or reserve it for themselves, or even hijack its use, its TLS certs etc.

The top 7 domains listed there (including mooo.com) as owned by "josh" are somewhat better than the others because Josh is the owner of FreeDNS. So those domains will be around for as long as FreeDNS will, and you know Josh is not gonna hijack your subdomain. But be wary of using any other domain there (or putting your own domain up for use).

[–] potatoguy@mbin.potato-guy.space 6 points 10 hours ago (2 children)

In your scenario, I would prefer to tunnel to the outside, as it could be risky to just open a port on your router and open a port on your computer. In this case, pointing the IP to a VPS that your PC tunnels to or putting the record in Cloudflare's DNS, that way no automatic port searcher will try to nuke your network. There is dynamic DNS too.

There is cloudflare and other options too.

Edit: I do this with cloudflare, but privacy is very much not given with them.

[–] lemmyvore@feddit.nl 2 points 3 hours ago

An unauthenticated tunnel is still an ingress path same as an open port, just with more steps.

[–] ICastFist@programming.dev 2 points 9 hours ago (1 children)

As I don't have any VPS, it sounds like I'll have to rely on cloudflare's tunnel then? That or register with one listed here? https://github.com/savyasathe/free-vps

[–] A_norny_mousse@piefed.zip 3 points 9 hours ago* (last edited 9 hours ago) (1 children)

Do you have a static IP? Just point your domain to that. I only have A- MX- and CNAME-record. A is for the numerical IP. MX is for mail, I don't use it. CNAME is for subdomains afaics (currently only contains www).

All fields are comma-separated lists.

NS stuff is for if you're running a nameserver and I never even looked into it.

[–] tburkhol@slrpnk.net 2 points 3 hours ago

A records return the numerical address of a name.

CNAME returns a different name for a name. Basically 'synonym' so the maintainer only has to change the one master A record when the IP address changes. Convenient to use CNAME to point www.example.com to example.com, but you can use it just as well to point example.com at my.private.host.xyz. You can even chain multiple CNAMEs to make it easier to manage a complex backend structure while presenting a simple address to users.
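An added example, not part of the comment above: following a chain of CNAME records down to the A record over a constructed record table, with the two failure modes a chain introduces (a loop, and a CNAME whose target has no record) reported instead of followed. All names, addresses and the hop limit are assumptions made up for the illustration.

```python
# Constructed records: name -> (type, value). Addresses are documentation ranges.
RECORDS = {
    "example.com": ("A", "203.0.113.10"),
    "www.example.com": ("CNAME", "example.com"),
    "blog.example.com": ("CNAME", "www.example.com"),     # two-step chain
    "app.example.com": ("CNAME", "my.private.host.xyz"),  # alias to another zone
    "my.private.host.xyz": ("A", "198.51.100.7"),
    "loop-a.example.com": ("CNAME", "loop-b.example.com"),
    "loop-b.example.com": ("CNAME", "loop-a.example.com"),
    "old.example.com": ("CNAME", "gone.example.net"),     # target was removed
}

MAX_HOPS = 8  # assumed limit for this example; real resolvers set their own


def resolve(name, records=RECORDS):
    """Follow CNAMEs until an A record is reached; return (address, chain)."""
    chain = [name.lower().rstrip(".")]
    while True:
        record = records.get(chain[-1])
        if record is None:
            raise LookupError("dangling: %s has no record" % chain[-1])
        rtype, value = record
        if rtype == "A":
            return value, chain
        target = value.lower().rstrip(".")
        if target in chain:
            raise LookupError("CNAME loop back to %s" % target)
        if len(chain) - 1 >= MAX_HOPS:
            raise LookupError("chain longer than %d hops" % MAX_HOPS)
        chain.append(target)


if __name__ == "__main__":
    for host in ("blog.example.com", "app.example.com",
                 "loop-a.example.com", "old.example.com"):
        try:
            address, chain = resolve(host)
            print(" -> ".join(chain), "=", address)
        except LookupError as err:
            print(host, "failed:", err)
```

Changing the single A record for `example.com` changes what both `www` and `blog` resolve to, which is the maintenance benefit the comment describes.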