Offshoring my solutions

Submitted ⁨⁨4⁩ ⁨months⁩ ago⁩ by ⁨palitu@aussie.zone⁩ to ⁨selfhosted@lemmy.world⁩

Hey y’all!

I am after the colelctive expertise of this fantastic community. My family and i are moving overseas for a year for a pacific adventure, which leaves my hosting setup in a bind. We will be renting out our house and i will need to move all of my ‘servers’ (read laptop and NAS) out.

All of my services are in docker.

My main services that i MUST keep are:

Immich
- 600Gb or so
- very important as we will be taking a HEAP of photos.
paperless
vaultwarden
custom location tracking service
radicale

I would also like to make it so that all of my media is still available, but i may need to get a set up at a friends house. I have jellyfin plus a bunch of *arr’s

I was thinking a mix between at a mates house and a cloud server.

any thoughts?

source

Comments

Sort:hotnew top

ptz@dubvee.org ⁨4⁩ ⁨months⁩ ago
Are any of your services public facing? If so, you might want to make the VPS your reverse proxy and VPN server and have your stack at your friend’s house connect to the cloud server - reverse proxy in the VPS would connect back over the VPN to the equipment at your friend’s house.

This would prevent your friend from having to open ports in their router and from exposing their IP to the world (beyond their normal traffic, that is).

Plus, it would allow you to VPN-in to manage as well as have a “kill switch” should you need it (cyberattack, etc)

source
- palitu@aussie.zone ⁨4⁩ ⁨months⁩ ago
  Are any of your services public facing? Yes. i think that is like a “bastion” server, or something like that. good idea. I expect that i can get more-or-less free VPS, and just run the NPM and tailscale or something there.
  
  I would not run any of the *arrs on a network that is not yours Good thought, i dont think i would need it whilst i am away anyway.
  
  And definitely make sure your friend knows yep, responsible hosting :D
  
  thanks for the thoughts.
  
  source
  - lemmyvore@feddit.nl ⁨4⁩ ⁨months⁩ ago
    Well not free VPS (if you want it to be semi-reliable) but within $3-5/mo.
    
    You don’t need to run your NPM on the VPS (although it does make things easier). You can:
    
    Forward the whole interface to your server and just sort things out there. Downside: all visitors will appear to have the VPS’s IP.
    
    Do DNAT/SNAT one the VPS to make the forwarded connections appear to have the original remote IP instead of the VPS. Downside: a bit more complicated (a few firewall rules).
    
    Install a very basic nginx proxy on the VPS whose whole job is to put the original remote IP in a HTTP header, and on your server NPM use that header. Downside: you have to terminate and restart the TLS connection on the VPS.
    
    Use SSH tunnels instead of VPN tunnels. A VPN forwards a whole interface, a SSH tunnel forwards a single port. You will still have to deal with the IP thing. Additional downside is that it only works for TCP, it’s not worth bothering to forward UDP. But it’s much simpler to set up than a VPN, basically one command (or autossh to maintain it automatically).
    
    source
- atzanteol@sh.itjust.works ⁨4⁩ ⁨months⁩ ago
  
  This would prevent your friend from having to open ports in their router and from exposing their IP to the world (beyond their normal traffic, that is).
  
  Their IP address is already “exposed to the world.” I keep seeing people recommending this pattern in this community for the same reason. But I genuinely don’t understand it. It sounds like one of those VPN ads frankly.
  
  Your IP address is not private.
  
  Frankly I would mothball the servers and move everything to the cloud rather than use a friend’s resources. You retain control over the environment and don’t need to worry about somebody unplugging your computer to vacuum.
  
  source
  - ptz@dubvee.org ⁨4⁩ ⁨months⁩ ago
    
    Their IP address is already “exposed to the world.” I keep seeing people recommending this pattern in this community for the same reason. But I genuinely don’t understand it. It sounds like one of those VPN ads frankly.
    
    Your IP address is not private.
    
    I did state “beyond their normal traffic”. And you do realize there’s a significant difference between exposing your IP as a client and exposing your IP as one that has servers hosted behind it, right? It’s not about protecting that or keeping it secret. It’s about not putting a target on their friend’s IP address for all the bots and script kiddies to hit.
    
    source
    -> View More Comments
  - lemmyvore@feddit.nl ⁨4⁩ ⁨months⁩ ago
    With this pattern you open up an outgoing connection to the VPS, establish a two-way tunnel, and the VPS will use it to forward connections to you.
    
    People who use your services this way see the VPS’s public IP, yours is hidden from them.
    
    Sure, you still have a public IP while doing this but (a) only the VPS can see it and (b) you really don’t have to open ports on it and in fact may not even be reachable through it if it’s doing NAT.
    
    source
    -> View More Comments
constantokra@lemmy.one ⁨4⁩ ⁨months⁩ ago
If you have the option to host physical hardware from your friend’s house, I’d go that route for the whole thing. Set it up so they can access your media server locally, maybe even immich, and VPN in for everything yourself, that way you don’t have to expose ports, except the wireguard port. Don’t acquire new content from their network unless you do it behind a good VPN with a killswitch and they know and are OK with what you’re doing.

I would personally rather have my documents, photos and media collection on a computer a friend has physical custody of than in the cloud, but that’s on you and your friend. I prefer to host vaultwarden and a notification server, in my case, gotify, on the cheapest vps I could find, which was about 12 bucks a year last I checked.

I’d also set up a tor hidden service for ssh, just so you have another way in, in case something comes up. Or you could get a cheap cellular modem and a yearly Sim card. In the US, red pocket is a good choice, with a limited option available for less than 50 bucks a year. You never know when their ISP is going to do something weird, and you’ll be able to figure it out a lot easier if you have a reliable way into your server.

You should probably think about backups too. You can obviously do a backup before you go, but you’re going to want to back up at least your new photos while you’re gone. I’d suggest looking at koofr lifetime storage plans, as they’re pretty cheap for the size.

source
asshole@r.nf ⁨4⁩ ⁨months⁩ ago
I’m not sure what the question is.

Only thing I can think of is add a VPN like Tailscale so you don’t have to worry about any exposed services.

source
- palitu@aussie.zone ⁨4⁩ ⁨months⁩ ago
  All my hardware needs to move. And I cannot take it with me, but I want to keep my core stuff available. Looking at what people think are some good options.
  
  I expect it will be to a mates house with taolscale or similar in front.
  
  source

Decronym@lemmy.decronym.xyz ⁨4⁩ ⁨months⁩ ago

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

Fewer Letters	More Letters
HTTP	Hypertext Transfer Protocol, the Web
IP	Internet Protocol
NAT	Network Address Translation
SSH	Secure Shell for remote terminal access
SSL	Secure Sockets Layer, for transparent encryption
TCP	Transmission Control Protocol, most often over IP
TLS	Transport Layer Security, supersedes SSL
UDP	User Datagram Protocol, for real-time communications
VPN	Virtual Private Network
VPS	Virtual Private Server (opposed to shared hosting)
nginx	Popular HTTP server

[Thread #491 for this sub, first seen 6th Feb 2024, 12:55] [FAQ] [Full list] [Contact] [Source code]

source