9
submitted 1 year ago* (last edited 1 year ago) by marsokod@lemmy.world to c/selfhosted@lemmy.world

Hello everyone, I would need some advice on my setup.

I had an ISP with basic DSL 60/20Mbps and I was hosting my services at home with SWAG as a main proxy, opening the ports. I ordered 2 days ago a plan with a new ISP for a 1Gbps line, that offered port forwarding as well. The installation was done today and it turns out they retired the port forwarding on my offer yesterday.

I can see potentially 3 choices:

  1. stay with the old ISP and the slow-ish line. My main issue was the uplink speed that made off-site backup a pain
  2. go with the new ISP but order the higher speed plan that is £25/month more expensive, and without a proper guarantee that they will keep offering the port forwarding
  3. use the non-port forwarding option, but rent a small VPS that would act as a front-end (through zerotier/tailscale/direct wireguard), paying a small latency cost when accessing remotely.

I am not fully sure about the pros and cons of the different ways on the last option. I would be kin on keeping my home server fully capable, the point of me self-hosting being to cope with temporary disconnection at home. But then you can either have an IP table routing in the VPS to forward everything on the used port, or have another nginx proxy there to redirect everything. And I am not fully sure VPS providers are generally OK with this kind of use.

Has anyone got a similar setup to option 3 and would have some advices?

Edit 1: Thanks a lot for your comments everyone!

I got a small VPS (not the cheapest one yet) and setup a wireguard tunnel following this principle and it seems to be working so far. I'll monitor a bit the situation as I have 14 days to cancel my plan. I'll also see how it works for gitea running in docker in the NAT and ssh forwarding, I suspect this will be a fun endeavour.

I decided to avoid using cloudflare tunnel. And I am avoiding using a nginx proxy at the moment as I would need to ensure the certificates are properly synced between the two (or maybe letsencrypt allows you to have two certificates for the same domain?)

you are viewing a single comment's thread
view the rest of the comments
[-] lupec@lemmy.lpcha.im 1 points 1 year ago* (last edited 1 year ago)

So it sounds to me like you may have to deal with a IPv4 only address behind CGNAT, which makes port forwarding not work anymore. It's how my connection is set up, but luckily it does fully support IPv6 and that doesn't require any forwarding so I make do.
If IPv6 isn't an option for you or you'd like to access your services from IPv4 only networks, I'd just go with Tailscale myself. I've been a happy user for years and it just works so well, should be good in your situation as well.

this post was submitted on 29 Jun 2023
9 points (100.0% liked)

Selfhosted

40360 readers
266 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS