Comment on Safely exposing services to the Internet
chrash0@lemmy.world 2 days ago
i have a VPS offsite to act as a gateway. it’s just a small piece of a machine somewhere in my region that routes requests to my home network via Tailscale. this has a few benefits:
- i don’t have to worry about my ISP changing my IP. my VPS has more stable IPs.
- i don’t have to expose ports directly to the internet. Tailscale authenticates the connection. plus i have Caddy routing the whole system. i use subdomains like foundry.chrash.net, jellyfin.chrash.net, etc.
- another benefit of Tailscale to point out is that you don’t need local IPs to be static either; Tailscale will allow you to access your machines by hostname or another static IP. this helps to decouple your local topology from your service network.
Australis13@fedia.io 1 day ago
Thanks. So, just to make sure I've understood correctly, your recommendation would be a VPS that hosts nginx (or Caddy) as the reverse proxy and uses tailscale (or equivalent) to access my home LAN and make services (e.g. Vikunja) available?
chrash0@lemmy.world 1 day ago
the key is just an offsite machine with a stable IP plus a VPN. that way you can route all public traffic to that stable IP and send it where it needs to go regardless of its physical destination.
Vittelius@feddit.org 1 day ago
There are even solutions that automate a lot of the configuration for such a setup. I’m using Pangolin for example: github.com/fosrl/pangolin
But you could set up something like this manually if you want more flexibility (pangolin is based on Traefik rather than Nginx)
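
A sketch of the manual setup discussed in this thread, as an added example that is not any commenter's own configuration: a Caddyfile for the public VPS that terminates TLS and forwards each subdomain to a home machine over the tailnet. The domain `example.net`, the tailnet hostname `homeserver` and both upstream ports are assumptions.

```caddyfile
# Added example: Caddyfile for the public VPS (the only machine with open ports).
# example.net, "homeserver" and the upstream ports are assumed placeholders.

# Reusable snippet imported by every site block below.
(hardening) {
	header {
		# Tell browsers to keep using HTTPS for this host.
		Strict-Transport-Security "max-age=31536000"
		X-Content-Type-Options "nosniff"
		# Do not advertise the proxy software in responses.
		-Server
	}
}

# Caddy obtains and renews a certificate for each site name automatically,
# so public TLS terminates here on the VPS.
foundry.example.net {
	import hardening
	# "homeserver" is an assumed tailnet hostname; a tailnet IP works too.
	# The hop to the home network travels inside the Tailscale tunnel,
	# so the home router needs no forwarded ports.
	reverse_proxy homeserver:30000
}

jellyfin.example.net {
	import hardening
	reverse_proxy homeserver:8096
}
```

Only the names listed here are reachable from the internet; any other service on the home machine stays tailnet-only. Once a service is published this way, its own login is what stands between it and the public, since Tailscale authenticates the VPS-to-home hop rather than the visitors.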