1227
submitted 1 year ago* (last edited 1 year ago) by jaackf@lemmy.world to c/selfhosted@lemmy.world

I'm already hosting pihole, but i know there's so much great stuff out there! I want to find some useful things that I can get my hands on. Thanks!

Edit: Thanks all! I've got a lil homelab setup going now with Pihole, Jellyfin, Paperless ngx, Yacht and YT-DL. Going to be looking into it more tomorrow, this is so much fun!

you are viewing a single comment's thread
view the rest of the comments
[-] peaceb@lemmy.world 8 points 1 year ago

Have it be accessible over Tailscale (or similar) and that alleviates a lot of the access concerns. No need to setup port forwarding either.

[-] ElectroVagrant@lemmy.world 2 points 1 year ago

Similar might be running Wireguard yourself, right? Albeit if memory serves that setup tends to require port forwarding, so maybe not (or maybe I set it up wrong).

[-] techviator@infosec.pub 4 points 1 year ago

Tailscale uses the Wireguard protocol (in userspace, not kernel) along with a user and IP management system, a STUN system and a relay so they can provide easy management and connectivity even behind NAT or CGNAT. The relay uses https headers to hide the traffic, which provides a slower connection but allows connectivity in networks that block UDP or VPN traffic.

Installing a Wireguard server would use a kernel implementation of the WG protocol, but you have to open a port on the server side for it, and manually create the peer configuration and public/private keys for them. It is slightly faster, but not as easy to deploy or as versatile when dealing with complicated networks, dual NAT or CGNAT. Also very easy to block on networks as it does not obfuscates the traffic.

I chose to deploy a Wireguard server because it works well for my needs, but if I was behind CGNAT or connected through restrictive networks I would move to Tailscale.

[-] ElectroVagrant@lemmy.world 3 points 1 year ago

Makes sense!

I set up Wireguard simply to get a rough understanding of how to do so & to try to access some home resources while away, which works well enough across simpler network situations, but as you indicate, breaks down against more complicated network situations.

[-] limit@lemmy.world 2 points 1 year ago

Port forwarding a wg udp port is way safer than port forwarding some application to login to from the internet. At least with WG you can't even brute force it or anything, it's a lightweight protocol that requires a client cert.

[-] Hexarei@programming.dev 1 points 1 year ago

Tailscale basically uses NAT hole-punching, doesn't require any port-forwarding ever, it's great

this post was submitted on 02 Jul 2023
1227 points (100.0% liked)

Selfhosted

40670 readers
367 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS