this post was submitted on 14 Jul 2025
129 points (97.1% liked)

Selfhosted

49599 readers
456 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
129
How to use a domain I own to self-host services? (lemmy.world)
submitted 5 days ago by gedaliyah@lemmy.world to c/selfhosted@lemmy.world
38 comments fedilink hide all child comments
 

I'm not really sure how to ask this because my knowledge is pretty limited. Any basic answers or links will be much appreciated.

I have a number of self hosted services on my home PC. I'd like to be able to access them safely over the public Internet. There are a couple of reasons for this. There is an online calendar scheduling service I would like to have access to my caldav/carddav setup. I'd also like to set up Nextcloud, which seems more or less require https. I am using http connections secured through Tailscale at the moment.

I own a domain through an old Squarespace account that I would like to use. I currently have zero knowledge or understanding of how to route my self hosted services through the domain that I own, or even if that's the correct way to set it up. Is there a guide that explains step by step for beginners how to access my home setup through the domain that I own? Should I move the domain from Squarespace to another provider that is better equipped for this type of setup?

Is this a bad idea for someone without much experience in networking in general?

you are viewing a single comment's thread
view the rest of the comments
[–] Blaster_M@lemmy.world 3 points 5 days ago* (last edited 5 days ago) (1 children)

On your DNS provider, make an A record with your IP address, AAAA record with your IPv6 address. If these addresses change often, either setup a dyndns (your DNS provider needs to support this) or pay for a Static IP from your ISP. Firewall the hell out of your network, have a default deny (drop) new inbound rule, and only open ports for your service. Use an nginx reverse proxy if possible to keep direct connections out of your service, and use containers (docker?) for your service(s). Don't forget to setup certbot and fail2ban. You need certbot to auto update your certs, and you need fail2ban to keep the automated login hacker bots from getting in.

That's the minimum. You can do more with ip region blocking and such, as well as more advanced firewalling and isolation. Also possible to use Tailscale and point the DNS A record to the Tailscale IP, which will eliminate exposing your public IP to the internet.

[–] gedaliyah@lemmy.world 1 points 5 days ago (1 children)

If I use Tailscale as described, how will a request connect to the tailnet? Is there anything you can link that explains how to do this?

[–] Blaster_M@lemmy.world 2 points 5 days ago* (last edited 5 days ago) (1 children)

When you put your server's tailscale IP in the dns, anything that looks up that dns gets the tailscale IP. You only need to connect the devices you want to have connect to the server to the same tailscale network, and your system will handle the routing.

[–] gedaliyah@lemmy.world 1 points 4 days ago

Okay, that makes sense. Would that help to set up NextCloud or other services that require https?

It doesn't really help with connecting my calendar to an external scheduling app that is not based on my device.