+1 for tailscale. Its very easy to setup and very secure.
Comment on Safely exposing services to the Internet
wltr@discuss.tchncs.de 2 days ago
I’d suggest you to investigate either Tailscale or similar solutions. I’m using Tailscale, and it’s really easy to set up. It can automatically connect to the VPN when you access their resource, and the internet works as well. So technically, they can be connected all the time. That’s much safer than the alternative of just opening a port, and dealing with things like CGNAT.
The alternatives to Tailscale I know about are Headscale (which you need self-hosting), Netbird, WireGuard. At least, but there are more.
And search for tunnels as well. You could utilise Cloudflare Tunnel, but I wouldn’t go that way.
I’d suggest testing waters with Tailscale as it’s the easiest, and tweak from there. They have a YouTube channel which helps at starting, I found it just recently. (I use them for a year or two now.)
ItsNotImportant24@lemmy.ml 2 days ago
Australis13@fedia.io 1 day ago
Thanks. My main concern is needing to have the tailscale client set up on my relatives' devices, so it'd need to be easy to do and the configuration straightforward.
If I wanted to route just traffic to Vikunja and Immich through it, so all their other apps (if on a phone) or web browsing (on a PC) didn't go through tailscale, is that straightforward to do and is it something that has to be done in the client-side configuration?
wltr@discuss.tchncs.de 1 day ago
If you don’t setup or activate exit node, no traffic is routed through any of your nodes. All you have is the access to the nodes. Which is what you need. I tested exit nodes only recently, they’re very easy to setup as well, but I found no practical need for my use case.
I think installing and logging in should be trivial remotely. Like hey mum, install this app, and log in (trivial with Google or Apple accounts). The rest is on you. Just test the waters yourself first, you’ll get the idea, it’s pretty straightforward. Even if it’s not what you’re looking for, you’d have more information and skills to move to the next thing.
Australis13@fedia.io 1 day ago
Thanks, sounds like a potential option. I'll add to the list of things to look into and test out.
DJDarren@thelemmy.club 1 day ago
I also use Tailscale.
It’s fair to say that I don’t really know what I’m doing, so am picking my way through the world of self-hosting one lesson at a time, but even with that in mind, I’ve found Tailscale an absolute breeze to set up, even if I still don’t fully understand how it all works, and what it can all do.
In short, I have my server at home as part of my tailnet. I’ve also installed it on my Hetzner VPS, which is running YunoHost. Within YunoHost I’ve set up a bunch of redirects which take the Tailscale ips of my various services and turn them into URLs.
So in essence, my Navidrome server goes from being 100.111.11.1:4533 to navidrome.mysite.co.ck.
I’ve got Navidrome, Immich, Home Assistant, Invidious, and Jellyfin running like that, and as far as I can tell I’ve not had any security issues at all.