submitted 2 weeks ago by sem to c/selfhosted@lemmy.world

Hi all,

I started self hosting nextcloud only. Now I have a domain name and I would like to selfhost more services and websites on subdomains without having to open up more ports on my router.

  1. Is it reasonable to use a reverse proxy server to avoid opening up more ports?
  2. Can I use a reverse proxy manager that simplifies SSL certs, etc?
  3. Can I put the HTTP/HTTPS services behind a reverse proxy, behind a free cloudflare DNS proxy to mask my IP address?
  4. And put other non-http services on the real IP address.
  5. Will all of this be more prone to failure and slow compared to forwarding 443 and 80 directly to my nextcloud server?

The other services I would like to eventually host and have accessible externally are

  • Jitsi
  • Mastodon instance (hoping to make some bots that mirror other social media to bring them into Mastodon)
  • blog website
  • Veilid maybe
  • OpenVPN over TCP on 443 (to get through restrictive firewalls on e.g. school wifi networks that don't whitelist domains)
  • Synology to Synology backup.

I'm hoping to use Yunohost on a RPI to simplify hosting a lot of these things.

Here's my plan where I'm looking for feedback. Am I missing any steps? Are my assumptions correct?

  1. Install reverse proxy on yunohost; configure cloudflare DNS and freedns.afraid.org to point towards the reverse DNS server.
  2. Configure the reverse DNS to redirect various subdomains to
      • the raspberry pi running nextcloud
      • the other raspberry pi running openvpn
      • the Synology running the backup service
      • services running on the yunohost raspberry pi

I have not been able to find good documentation about how to configure the yunohost reverse proxy, or how to deal with HTTP headers, or have correct certificates on all the subdomains as well as the reverse proxy. Looking for advice on how to move forward and/or simplify this setup.

[-] just_another_person@lemmy.world 3 points 2 weeks ago

You seem pretty focused on reverse proxies for some reason, but that isn't security. An alternative is a VPN into your network. Simple solution that solves all of your asks if you don't need many people accessing your services.

[-] sem 1 points 2 weeks ago

I would like to use tailscale for some services, but the ones I access from public computers, like nextcloud or blog hosting, can't be behind a VPN.

I would love the Synology to Synology backup to be behind the VPN, but I'm not sure I'll be able to get it working, so that is lower down on my list.

Things like Jitsi would be cool to have behind the vpn, but then I'd have to get everyone to install tailscale on their phones and configure access, so that's going to be too complicated for me and my family unfortunately.

[-] possiblylinux127@lemmy.zip 1 points 2 weeks ago* (last edited 2 weeks ago)

Why wouldn't you just use Nextcloud talk?

At least with Nextcloud there is a free security scan you can use, hosted by the Nextcloud company.

[-] sem 1 points 2 weeks ago

My nextcloud raspberry pi server used to crash when it tried to do anything difficult, like open too many photos in a row. I adjusted some settings to try and keep it from running out of memory, but I'm not a very skilled sysadmin, and I'm using nextcloudpi now which adds another layer of abstraction in an attempt to have saner defaults.

[-] possiblylinux127@lemmy.zip 1 points 2 weeks ago

Nextcloud needs enough ram to work correctly. I wouldn't run it on a raspberry pi.

When Nextcloud is idling it doesn't need much, but as soon as you start heavily using it or it does background maintenance you are going to want more ram. The latest version fixed a lot of the high ram usage for me but it still isn't lightweight. Also for Jitsi you are going to have the same problem as it needs lots of ram as well.

For me personally I found Nextcloud Talk to be very good and I've used it for meetings. You need to be aware of performance considerations but other than that I would say it's straightforward and easy to use.

[-] sem 2 points 2 weeks ago

In an ideal world I'd host on an Intel nuc or similar, but for the time being a raspberry pi 4 is all I can afford.

I think you're right, it was running out of ram before. It hasn't done that since I've moved to nextcloudpi, thankfully.

I have a separate raspi 4 with yunohost that was slated for other experimental purposes, like Jitsi, but I'm still early in that process.

[-] possiblylinux127@lemmy.zip 2 points 2 weeks ago

Obviously you can't help it now but going forward old enterprise machines on eBay tend to be a better deal. About the same cost but better performance and upgradability.

The downside is that you are dealing with older hardware which could have problems if it is really beat up.

[-] sem 1 points 2 weeks ago

Thanks for the recommendation! Are there eBay search terms I should know? Used PC workstation?

this post was submitted on 07 Nov 2024