Selfhosting static site behind two routers?

Submitted ⁨⁨11⁩ ⁨months⁩ ago⁩ by ⁨pythia@lemmy.dbzer0.com⁩ to ⁨selfhosted@lemmy.world⁩

For the very first time i tried to selfhost a static site (lighttpd + duckdns) but I’ve failed… Is it even possible to selfhost a static site from “router 2” while i’m behind two routers? “Router 1” is from ISP and i have no possibility to change any settings except subnet, standard gateway, dhcp on/off and DMZ. -> no port forwarding. "Router 2 is Asus with port-forwarding available and i’m using an OpenVPN configuration on it (if that matters). DuckDNS could see the external ip from R2, but i couldn’t access it.

source

Comments

Sort:hotnew top

aspoleczny@lemmy.world ⁨11⁩ ⁨months⁩ ago
I use cloudflare tunnel for this purpose. No open ports, no dealing with ISP, no exposing my IP.

source
- starshipwinepineapple@programming.dev ⁨11⁩ ⁨months⁩ ago
  I would use cloudflare pages (or any forge ‘pages’ feature) before using tunnels for a static website
  
  source
- yournamehere@lemm.ee ⁨11⁩ ⁨months⁩ ago
  yet some people might want less america in their setup and try to avoid services like that.
  
  source
  - aspoleczny@lemmy.world ⁨11⁩ ⁨months⁩ ago
    Understandable. It’s compromise I’m ok with, so that’s why I mentioned this method.
    
    source
  - retro@infosec.pub ⁨11⁩ ⁨months⁩ ago
    While this is true, the reader is really the only one that can choose for themselves and Cloudflare is a valid option, even if it isn’t the most purist method available.
    
    source
pythia@lemmy.dbzer0.com ⁨11⁩ ⁨months⁩ ago
[deleted]
source
- uranibaba@lemmy.world ⁨11⁩ ⁨months⁩ ago
  You want DMZ. I have the same setup. DMZ will make router 1 consider router 2 to be WAN and not behind firewall.
  
  source
- fishynoob@infosec.pub ⁨11⁩ ⁨months⁩ ago
  Yes, but DMZ is a better solution if you want to let Router 2 handle your network
  
  source
possiblylinux127@lemmy.zip ⁨11⁩ ⁨months⁩ ago
You don’t want two routers as that creates a double NAT

Setup a service and them install Tailscale/Netbird on your devices. The reason double NAT is bad is that it can break NAT traversal used to allow you to directly remote access a device away from home.

source
Xanza@lemm.ee ⁨11⁩ ⁨months⁩ ago
DuckDNS is just unreliable, I’ve found. Try HurricaneElectric; dns.he.net

source
couch1potato@lemmy.dbzer0.com ⁨11⁩ ⁨months⁩ ago
I’m actually behind 3 routers and still hosting stuff to the internet. My house is behind cgnat, I have two isp routers, which both connect to a pfsense router (ip of which is in tge dmz of each isp router).

My pfsense router and a free vps hosted at oracle are both connected via tailscale. Pfsense router advertises specific subnet addresses to the tailnet. VPS uses caddy to reverse proxy to those subnet addresses to expose them to the internet.

source
Jason2357@lemmy.ca ⁨11⁩ ⁨months⁩ ago
Either DMZ on the first router, or bridge mode on the second.

source
BrightCandle@lemmy.world ⁨11⁩ ⁨months⁩ ago
The DMZ for the ISPs router forward to the second router, then everything that hits your outside IP will be forwarded to router 2. Then on Router 2 you open the ports for your service and forward to the internal machine. That should all work fine.

source
- pythia@lemmy.dbzer0.com ⁨11⁩ ⁨months⁩ ago
  Thank you, will try. I was afraid of DMZ …
  
  source
just_another_person@lemmy.world ⁨11⁩ ⁨months⁩ ago
You’re going to get double NAT’d if you don’t have a proper passthrough. Is there a specific reason you have two routers setup like this?

source
- Onomatopoeia@lemmy.cafe ⁨11⁩ ⁨months⁩ ago
  Probably because the ISP modem/router has limited capability.
  
  I’ve done 2 routers like this for years (out of laziness more than anything) because cable modem router suck from a capability standpoint.
  
  source
  - pythia@lemmy.dbzer0.com ⁨11⁩ ⁨months⁩ ago
    that’s exactly why.
    
    source
    -> View More Comments
  - just_another_person@lemmy.world ⁨11⁩ ⁨months⁩ ago
    The actual cable modem can run in passthrough mode though. Look up the model and find the docs. Should be a quick and easy change, or your ISP at least should able to change it. It would be absurd if not.
    
    source
    -> View More Comments
perishthethought@lemm.ee ⁨11⁩ ⁨months⁩ ago
Hey, I’m doing this now, using DuckDNS. But I had to forward a port thru Router 1, as you call it. That’s your problem.

Maybe Tailscale would help you? (I’ve not used it though)

Or, instead of allowing port 80/443 traffic in, what I have is a random port used by my Wireguard VPN opened only. But I have to connect thru that when I’m not at home. I. E. only I can access my web server.

source
markstos@lemmy.world ⁨11⁩ ⁨months⁩ ago
Yes. DMZ on router 1 exposes router 2 IP to internet.

source
- badlotus@discuss.online ⁨11⁩ ⁨months⁩ ago
  This right here. Since you can’t really configure the ISP router, DMZ mode is the way to go. Just make sure you’re not connecting anything else directly to your ISP router or it will be exposed to the internet along with your router.
  
  source