Journey into self-hosting

Submitted ⁨⁨2⁩ ⁨months⁩ ago⁩ by ⁨SturgiesYrFase@lemmy.ml⁩ to ⁨selfhosted@lemmy.world⁩

So, I have a rpi4b that’s currently running a VPN for family abroad. I’m just finishing setting up Ubuntu server 24.04LTS(I have limited number of USB sticks, and the largest is only 8gb, so this choice was one of size, I can go into ones I had considered before) on an old laptop. For my small business I’ve also bought a domain for a work email, and eventually a website both are/will be hosted externally as I don’t want to faff about with securing those aspects on my home network. The VPN though, that is currently pointing to no-ip dns service, and I want to migrate that to both the laptop and my own registered domain. What’s best practices here? I do need the VPN to exit through to my network, so that my MiL can watch UK streaming from abroad(TV licence shenanigans).

source

Comments

Sort:hotnew top

themachine@lemmy.world ⁨2⁩ ⁨months⁩ ago
I’m not entirely sure what the actual question is. Can you rephrase what exactly you are trying to accomplish?

source
- SturgiesYrFase@lemmy.ml ⁨2⁩ ⁨months⁩ ago
  VPN needs to come in from my domain IP, but exit from my network. What network security best practices should I be implementing?
  
  source
  - themachine@lemmy.world ⁨2⁩ ⁨months⁩ ago
    Best practicescomeas down to what you do or do not want the VPN clients to access. This mostly comes down to routing and firewall rules.
    
    So, what should your users have access to?
    
    Also what is the vpn?
    
    source
    -> View More Comments
- homesweethomeMrL@lemmy.world ⁨2⁩ ⁨months⁩ ago
  Yeah, but also would be interested in how you put it together.
  
  source
Swarfega@lemm.ee ⁨2⁩ ⁨months⁩ ago
I have a couple of services, including nginx (a website) that run though a Cloudflare Tunnel. No need to open up ports and certificates are automatically managed.

developers.cloudflare.com/…/connect-networks/

I also use ddclient to update my own personal domain with my internets dynamic IP (no need for a dynamic DNS provider). I have to do this as I host Jellyfin and Cloudflare don’t support streaming through their tunnels. So yes this is exposed to the internet. It does sit behind a caddy reverse proxy though.

I also run a wireguard VPN so that I can dial in when out the home. Im in Spain next week so can use that to get BBC iPlayer etc

source
- SturgiesYrFase@lemmy.ml ⁨2⁩ ⁨months⁩ ago
  Email is going through my domain to ProtonMail, was really easy to set up, and works like a charm.
  
  This is all good info, thanks! Gives me a bit of reading to do before I start shifting everything over.
  
  source
Decronym@lemmy.decronym.xyz ⁨2⁩ ⁨months⁩ ago
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

Fewer Letters More Letters

DNS Domain Name Service/System

HTTP Hypertext Transfer Protocol, the Web

IP Internet Protocol

VPN Virtual Private Network

nginx Popular HTTP server

[Thread #960 for this sub, first seen 9th Sep 2024, 11:55] [FAQ] [Full list] [Contact] [Source code]

source

Fewer Letters	More Letters
DNS	Domain Name Service/System
HTTP	Hypertext Transfer Protocol, the Web
IP	Internet Protocol
VPN	Virtual Private Network
nginx	Popular HTTP server