Self Hosted - Self-hosting your services.

15378 readers

17 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules

No harassment
crossposts from c/Open Source & c/docker & related may be allowed, depending on context
Video Promoting is allowed if is within the topic.
No spamming.
Stay friendly.
Follow the lemmy.ml instance rules.
Tag your post. (Read under)

Important

Lemmy doesn't have tags yet, so mark it with [Question], [Help], [Project], [Other], [Promoting] or other you may think is appropriate. This is strongly encouraged!

Cross-posting

!everything_git@lemmy.ml is allowed!
!docker@lemmy.ml is allowed!
!portainer@lemmy.ml is allowed!
!fediverse@lemmy.ml is allowed if topic has to do with selfhosting.
!selfhosted@lemmy.ml is allowed!

If you see a rule-breaker please DM the mods!

founded 4 years ago

MODERATORS

Zoe8338@lemmy.ml

dogmuffins@lemmy.ml

testman@lemmy.ml

[Question] Why should I not open ports to the internet on my home router? (lemmy.world)

submitted 1 week ago by Auth@lemmy.world to c/selfhost@lemmy.ml

25 comments fedilink hide all child comments

I'm in the process of setting up homelab stuff and i've been doing some reading. It seems the consensus is to put everything behind a reverse proxy and use a vpn or cloudflare tunnel.

I plan to use a VPN for accessing my internal network from outside and to protect less battle tested foss software. But I feel like if I cant open a port to the internet to host a webserver then the internet is no longer a free place and we're cooked.

So my question is, Can I expose webserver, SSH, WireGuard to the internet with reasonable safety? What precautions and common mistakes do I need to watchout for.

you are viewing a single comment's thread
view the rest of the comments

[–] freagle@lemmygrad.ml 0 points 1 week ago (1 children)

So, hate to break this to you but it's been almost 20 years since you shouldn't just open ports directly to your computer from your home router AND it's been about that long since ISPs just don't allow traffic to customers on standard ports like 80, 443, 21, 22, etc.

The way to do this is actually to have multiple computers, with the first computer acting as your firewall, IDS, and IPS. That computer should run no other services and should be heavily locked down after it's setup, as in most things should be made read-only except the few variable files that are required for operations.

That computer should then route traffic to computers behind it that provide services like https, ssh, etc. This setup makes everything much safer.

But you'll still have to contend with your ISP and they don't usually budge, so you'll have to run services on non-standard ports.

[–] 0x0@lemmy.zip 2 points 1 week ago

ISPs just don’t allow traffic to customers on standard ports like 80, 443, 21, 22, etc.

YMMV