Jason2357
@Jason2357@lemmy.ca
- Comment on I finally bought a domain! Now what 3 days ago:
I ain’t your bro, pal. ;)
- Comment on I finally bought a domain! Now what 3 days ago:
New weekend project! Lol
- Comment on I finally bought a domain! Now what 3 days ago:
I absolutely agree, to the point where I thought you were agreeing with a different post I made. This is the way!
There are lots of free or nearly free ways to host a static site with your domain, and basically walk away from it for years at a time just fine. I wouldn’t use Cloudflare just on principal for just static site hosting, but its fine I guess. All the software forges host pages for free, and a bunch of smaller outfits like Neocities. Even a static site on a VPS is nearly zero maintenance. When was the last time there was a CVE for remote code execution that would effect a Linux VPS hosting only a static webpage via Caddy or Ngnix and key-based SSH? (I don’t actually think there has been one).
Absolutely, I use a VPN for self hosted services I can’t be bothered to secure properly and don’t need exposed to all that mess. Wireguard is amazing. I used OpenVPN for years and it was such a pain in the ass mobile. I remember when it first came out, I set it up and made a SIP VoIP call with my phone. I could toggle between WiFi and cellular networks without the audio even glitching, let alone a call dropping. That was honestly like black magic back then.
- Comment on I finally bought a domain! Now what 3 days ago:
Sorry to have made you upset. I consider Cloudflare to be the “gatekeeper” here.
I have seen all the walkthroughs and it looks like the worst of both worlds -false sense of security and more complexity and weird non-transferrable knowledge than first glance. I suggest they use a VPN to connect to anything you can’t secure easily, as there are lots of options, and far smaller attack surface than a Cloudflare “protected” (hint: its not protected from anything but the lazyest automated attacks) proxy.
Note: I understand moderate sized businesses using Cloudflare because DDOS attacks for ransom are a thing and a days outage can cost a lot of money. But its a protection racket and I don’t blame victims.
- Comment on I finally bought a domain! Now what 3 days ago:
At the moment, every time I want to access my server, I have to turn off my VPN so I can turn on tailscale.
Yes, mobile devices typically cannot run two VPNs at once. There are two issues here, when at home and when out on other networks.
At home, the solution is not to round-trip out to your VPN provider and then back into your network via the public Internet using your domain. Unfortunately. That creates a huge latency and bandwidth penalty when you are physically at home and unnecessary complexity.
Instead, if you must use your VPN service while at home, you need to find the split tunnel settings to allow your phone to access the local network while connected to the VPN service. They usually hide that setting because it opens up the security of said services and allows some leaks, but it should be there.
When out on other networks, it gets harder. If you get creative with networking, you could connect a computer to your commercial VPN service and have all your tailnet devices use it as an exit node, which has the nice benefit of paying the VPN service for “one device” and using as many as you want, but is dependent on your home network speed and a PITA to set up.
Tailscale does integrate with one VPN provider so you can use one app for both tasks, but it may not be the provider you want. I don’t know If their direct competitors do the same, maybe shop around a bit. One VPN app for both use cases is what you want, not two different VPN apps.
Finally, if none of the above works for you, then yes, you are back to accessing your self-hosted services via the public internet and your domain name while travelling and using your commercial VPN. You will have to secure the service, and that will take some learning to do safely. That will be a journey and not something you want to just throw together quickly. You might be able to restrict incoming connections to just your commercial VPN IP address range (in addition to all of the other proper config required) to further reduce the attack surface. Sorry, that is a bit of bad news.
- Comment on I finally bought a domain! Now what 3 days ago:
My understanding was tailscale is to connect different machines across the internet, but that a traditional VPN hides your information
You got it! When you google VPN services, you get all these companies selling products for encrypting your internet traffic (90% snake oil IMHO). Main usecase nowadays seems to be making your browsing appear like you are in a different country. This is not what people are referring to in this thread by “VPN”, even though it is the exact same underlying technology.
Tailscale is actually trying to simplify the original VPN idea, which is to create a secure private “network” over the internet, so your devices can securely talk to one another, no matter where they are physically (over the internet). When you are out on the road, your phone can see your home server just like they were on the same home network, and there’s no way for an attacker to see the traffic or get access to those machines. You might also read about Wireguard or Zerotier -same idea, the first is more rudimentary but is used by Tailscale, the second is their main compeditor. Tailscale is pretty good at being easy to get going because it takes care of authentication, routing, and port forwarding for you. They even helpfully proxy your encrypted traffic if the machines fully cannot p2p we each other (slow, but can save your butt). The apps are pretty decent too. I used Tailscale for a long time then eventually self-hosted it once I knew what I was doing sufficiently. I still use their apps.
- Comment on I finally bought a domain! Now what 3 days ago:
Sounds like you may be really starting from scratch on your learning. It would be best to work entirely inside a VPN like tailscale for complex apps like jellyfin if you want them. You can set up https, but there’s no harm either way. You might not use your own domain right away inside your VPN, but you will a little down the road. You will get annoyed with using IP addresses for your services and set up an internal DNS server eventually. You can safely experiment and make mistakes inside your tailnet.
For learning to set up an open Internet exposed service, use a completely isolated, dedicated computer (maybe a raspberry pi on a demilitarised zone of your internet router or better yet a $5 VPS on someone else’s network). Then read up on hosting a “static website” with either ngnix or Caddy. I prefer the latter because one short config file can set everything up for https and take care of the certificates for you. This can eventually become the gateway into your other services from the open Internet, but do not do that from the start, just a simple personal website. This will require learning a little Linux system admin, SSH (read up on key based authentication so you can disable password authentication in SSH), remote file management, and configuring a webserver, DNS, and certificates. Lots to learn.
Because it is just hosting static webpages, theres almost no risk of it being hacked and used maliciously if you misconfigrure something or forget to patch it. Static sites are awesome nowadays anyway, though, you don’t even really need a fancy site generator to get started, just some simple HTML files. A fun and easy project is a hand written list of your favourite web links and then set your browser’s new tab page to it. Instantly useful and fully under your control.
I actually envy your spot on your learning journey. It was such a rewarding experience for me to do all the above.
- Comment on I finally bought a domain! Now what 3 days ago:
For a personal website, just point the main domain or one subdomain at something like github pages or another static site hoster to start forwarding email to their regular email. Zero maintenance to start and cost.
- Comment on I finally bought a domain! Now what 3 days ago:
Step 1: buy a couple extra years and set an annual reminder in your calendar. If you are happy with it, you will be together a long time and don’t want it to expire on you while on a vacation or something.
- Comment on I finally bought a domain! Now what 3 days ago:
I just don’t get this take of getting your own domain and seld-hosting, but run it all through cloudflare. Its sad.
- Comment on Recommended mini pc for a homelab? 1 week ago:
Of course. But when you have a storage requirement and it can be met with fewer HDDs than SSDs, the difference becomes less and less.
- Comment on Recommended mini pc for a homelab? 1 week ago:
An i7 doesn’t really use much more power for bursty usage, as it gets back to sleep states faster. Same issue with ssds vs HDDs, per GB, there’s not much difference in power consumption, only when you look at per drive does it matter.
- Comment on Recommended mini pc for a homelab? 1 week ago:
You can’t really optimize for both power efficiency AND upgradability while choosing second hand USFF computers. Sort of have to pick a priority. I realized that electricity is relatively cheap where I am, and so older thinkstations with i5 or i7s are a great frugal option. Not so in, say, Europe.
- Comment on Vaultwarden while allowing family emergency access 1 week ago:
A well labeled sealed envelope in a small fire safe with short, clear instructions on how to get into everything you want them to. Ideally, simple enough for them to follow, but expect they will ask someone for help. Open it and update it every few years.
- Comment on Wireguard easy and third party von service. 2 weeks ago:
Serving headscale is basically a webserver plus a couple of ports. Super minimal hardware requirement but the typical difficulty of needing those ports on a publicly addressable static IP or dynamic DNS.
- Comment on Wireguard easy and third party von service. 2 weeks ago:
I run head scale on a Vps and it has been 100% reliable and provides an exit node for me via that VPS. But you are going to have the exact same issue, I think with your VPN.
You want your default route from the exit node to go over mullivard’s interface, but you need wireguard or tailscale to talk to the other clients directly, via their clearnet IP. You can tell the exit nodes tailscale/wireguard client to bind the clearnet interface, but that may or may not help. Mullivard probably takes the default gateway, which will likely cut off the clients. You could set dedicated routes to the IP addresses of the clients, but they can change if those clients are mobile. You will need to maintain a routing table somehow or keep the pre-existing connection active (fragile).
I am sure its well trodden ground, just be aware that head scale probably won’t solve your problem automatically. Its a routing and or firewall config issue.
- Comment on Wireguard easy and third party von service. 2 weeks ago:
Head scale is actually a simpler implementation rather than the heart of what tailscale uses directly. It is perfectly complete for a single persons homelab application IMHO. Would be easy for the community to maintain a fork, but its also good to see other approaches that solve the same problem.
- Comment on I read every day but rarely have my e-reader on me — so I built a self-hosted EPUB library that syncs my reading position between my Kobo and my phone 3 weeks ago:
We need more developed language for this. In my head “vibe coding” is when you write entirely in natural language prompts and don’t actually read, edit, or review the code. Everyone seems to have a different idea.
- Comment on Security considerations about hosting Immich from home 3 weeks ago:
I can’t recall the name, but there was at least one project that had a kind of static web proxy of shared immich albums, so you can expose that to the internet for sharing and keep Immich its self internal network only.
- Comment on About bajoran's actors makeup 3 weeks ago:
God I love nerds. Have all my upvotes.
- Comment on Should I switch from Synology Photos to Immich? 4 weeks ago:
Their first “stable” release was 6 months ago and they are currently working on the next major version #, so yeah, focus on recent posts only or the info will be out of date.
- Comment on Self-hosting in 2025 isn't about privacy anymore - it's about building resistance infrastructure 5 months ago:
Oh neat. I was scared off by OIC going to a data “blob” backend store. I want my files still accessible directly if the database blows up. Looks like opencloud gives you the choice: nexus.opencloud.community/…/storage-backends/
- Comment on FFS Plex, the server is on my local network 9 months ago:
Relaying gigabytes of traffic per user costs serious money. Rely on them to do it, and they are either going to charge you or are just waiting to charge you when their VCs come knocking.