Comment on How to use a domain I own to self-host services?
Blaster_M@lemmy.world 3 days ago
A record with your IP address, AAAA record with your IPv6 address. If these addresses change often, either set up a dyndns (your DNS provider needs to support this) or pay for a Static IP from your ISP. Firewall the hell out of your network, have a default deny (drop) inbound rule, and only open ports for your service. Use an nginx reverse proxy if possible to keep direct connections out of your service, and use containers (docker?) for your service(s). Don’t forget to set up certbot and fail2ban. You need certbot to auto-update your certs, and you need fail2ban to keep the automated login hacker bots from getting in.
That’s the minimum. You can do more with IP region blocking and such, as well as more advanced firewalling and isolation. Also possible to use Tailscale and point the DNS to the Tailscale IP, which will eliminate exposing your public IP to the internet.
gedaliyah@lemmy.world 3 days ago
If I use Tailscale as described, how will a request connect to the tailnet? Is there anything you can link that explains how to do this?
Blaster_M@lemmy.world 2 days ago
When you put your server’s tailscale IP in the DNS, anything that looks up that DNS gets the tailscale IP. You only need to connect the devices you want to have connect to the server to the same tailscale network, and your system will handle the routing.
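Added example, not part of the comment above: a small Python audit that checks which hostnames in a zone really resolve only to tailnet addresses, and flags the case where an A record was moved to a Tailscale IP but a public AAAA record was left behind. The hostnames and addresses are constructed samples (documentation ranges stand in for real public IPs); the tailnet ranges are the ones Tailscale assigns to nodes.

```python
import ipaddress
from collections import defaultdict

# Ranges Tailscale assigns to tailnet nodes.
TAILNET = [ipaddress.ip_network(n) for n in ("100.64.0.0/10", "fd7a:115c:a1e0::/48")]
# LAN, loopback and link-local ranges: not reachable from outside the local network.
LOCAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]

def classify(addr):
    """Return 'tailnet', 'private' or 'public' for one address string."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in TAILNET):   # checked first: fd7a:... is also in fc00::/7
        return "tailnet"
    if any(ip in net for net in LOCAL):
        return "private"
    return "public"

def audit(records):
    """records: iterable of (hostname, rtype, value). Returns {hostname: verdict}."""
    seen = defaultdict(set)
    for name, rtype, value in records:
        if rtype in ("A", "AAAA"):
            seen[name].add(classify(value))
    report = {}
    for name, kinds in seen.items():
        if kinds == {"tailnet"}:
            report[name] = "tailnet-only"   # only devices on the tailnet can connect
        elif kinds == {"public"}:
            report[name] = "public"         # needs the firewall / proxy / fail2ban setup
        elif "public" in kinds:
            report[name] = "mixed-public"   # a public address is still published
        else:
            report[name] = "private"        # at least one LAN-only address, none public
    return report

# Constructed sample zone data.
SAMPLE = [
    ("cloud.example.org", "A", "100.101.102.103"),
    ("cloud.example.org", "AAAA", "fd7a:115c:a1e0::1234"),
    ("blog.example.org", "A", "203.0.113.10"),
    ("cal.example.org", "A", "100.101.102.104"),
    ("cal.example.org", "AAAA", "2001:db8::20"),   # forgotten public AAAA record
    ("nas.example.org", "A", "192.168.1.20"),
]

if __name__ == "__main__":
    for host, verdict in sorted(audit(SAMPLE).items()):
        print(f"{host:20} {verdict}")
```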
gedaliyah@lemmy.world 2 days ago
Okay, that makes sense. Would that help to set up NextCloud or other services that require https?
It doesn’t really help with connecting my calendar to an external scheduling app that is not based on my device.