this post was submitted on 15 Jun 2023

4 points (100.0% liked)

Self Hosted - Self-hosting your services.

11223 readers

1 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules

No harassment
crossposts from c/Open Source & c/docker & related may be allowed, depending on context
Video Promoting is allowed if is within the topic.
No spamming.
Stay friendly.
Follow the lemmy.ml instance rules.
Tag your post. (Read under)

Important

Beginning of January 1st 2024 this rule WILL be enforced. Posts that are not tagged will be warned and if not fixed within 24h then removed!

Lemmy doesn't have tags yet, so mark it with [Question], [Help], [Project], [Other], [Promoting] or other you may think is appropriate.

Cross-posting

[email protected] is allowed!
[email protected] is allowed!
[email protected] is allowed!
[email protected] is allowed if topic has to do with selfhosting.
[email protected] is allowed!

If you see a rule-breaker please DM the mods!

founded 3 years ago

MODERATORS

[email protected]

[Help] How can I use a VPS to protect my home's ip? (mander.xyz)

submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]

11 comments fedilink hide all child comments

I have a nextcloud instance being hosted from my home network. The URL associated with it points directly at my home's IP. I don't want to host the instance on a VPS because disk space is expensive. So, instead, I want to point the URL at the VPS, and then somehow route the connection to my home's nextcloud instance without leaking my home's ip.

How might I go about doing this? Can this be achieved with nginx?

EDIT: Actually, not leaking my home's IP is not essential. It is acceptable if it is possible to determine the IP with some effort. What I really want is to be able to host multiple websites with my single home IP without those websites being obviously connected, and to avoid automatic bots constantly looking for vulnerabilities in my home network.

top 10 comments

sorted by: hot top controversial new old

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

You can setup HTTP reverse proxy on your VPS. You’ll need to point the domain to your VPS for that to work.

What I really want is to be able to host multiple websites with my single home IP without those websites being obviously connected

That’s easy. You have two ways:

Host the websites under different paths in the same domain. If your websites are static this is fine, but if they are “services” this may not be feasible (and could be very complicated if it is feasible).
Host them under different sub-domains. The way it works is you create a bunch of NS records in your DNS, pointing the subdomains to your root domain, and setup one “virtual host” for each of them in your HTTP server. Both Apache and Nginx have the ability to match virtual host by domain name.

to avoid automatic bots constantly looking for vulnerabilities in my home network.

I’m not sure how you would eliminate bots by separating the websites though.

[–] [email protected] 1 points 1 year ago

You can set up nginx to do reverse proxy to your home IP, and then limit the traffic on your home IP to the VPS IP.

You can also setup a wireguard VPN between VPS and your home machine, so the traffic between VPS and your hoke machine is encrypted.

For DNS you just point to the VPS, and manage connections there, and on home network allow only VPS IP to connect. Then manage your security on the VPS.

[–] [email protected] 0 points 1 year ago (1 children)

A wireguard tunnel/VPN is probably what you want.

[–] [email protected] 0 points 1 year ago (1 children)

From what I have learned today, I think that Wireguard Tunnel is what I want!

First I was able to use nginx as a reverse proxy to route the information from my home network through the VPS. But with this approach the client would do the SSL handshake with the VPS, and then the VPS fetches information from my home network via HTTP. Since there is no encryption layer between my VPS and my home network, I suppose that the flow of information between my home server and the VPS is insecure.

Then, I need to establish some form of encrypted connection between my home server and the VPS... And that is where the Wireguard Tunnel comes in! This tunnel allows me to transfer the information with encryption.

I am still reading and setting it up, but yeah, I'm liking this, thanks!

[–] [email protected] 0 points 1 year ago* (last edited 1 year ago) (1 children)

Nginx can also do something called SNI routing that would allow to keep the connection between your VPS and your homeserver encrypted, but overall I think a Wireguard tunnel is probably more flexible.

[–] [email protected] 1 points 1 year ago (1 children)

Oh, cool! I have managed to do it with the Wireguard tunnel! I set up a tunnel and use the nginx proxy_pass to redirect through the tunnel. It is pretty nifty that I don't even need to port-forward!

My next step is: in my current configuration, the SSL handshake occurs between the VPS and connecting client. So the VPS has access to everything that goes through... I need to figure out how to hand-shake through the tunnel such that the VPS does not get the SSL keys.

Thanks a lot for your suggestion!

[–] [email protected] 1 points 1 year ago (1 children)

You can do SNI routing also though the tunnel.

[–] [email protected] 1 points 1 year ago

That's the next topic then. Thank you

[–] [email protected] 0 points 1 year ago (1 children)

You could do the VPN / VPS option with a reverse proxy like nginx proxy manager. Or, you could use Cloudflare tunnels. Worth noting that from a privacy perspective you’d be putting a lot of trust in Cloudflare. The same is also true for whoever you pick as your VPS provider

[–] [email protected] 1 points 1 year ago

Thanks! Wireguard was suggested as a VPN, and I am currently playing with that.

load more comments