I run a couple of programs on a home server and am looking for a way to safely expose them to the internet. Right now they all have their own username/password protection and are only available locally and through a VPN. But I’d like to simply type in a domain and have it direct to my IP address and some sort of start page (yes, I will need dynamic DNS for home IP).
As an example, can I really trust a Jellyfin username/password for security, or is there some sort of “security wrapper” that can provide protection through a start page super login?
I’ve seen commentary about Cloudflare tunnels and Tailscale/Headscale - are these on the right track or is there a more straightforward approach? The solution would also have to work outside of HTTP/S since I may have to connect apps to the server directly (like the Jellyfin example above). Ideally I would like to selfhost everything and not need a separate server, but I’m not opposed if it is best.
Tailscale is a VPN, so that sorta throws “without a VPN” out the window.
Personally, I use SSH with pubkey authentication (password login is disabled). If I want to listen to music, I just mount it with sshfs and then put it on shuffle or whatever else I want.
Switched to Tailscale from OpenVPN and haven’t looked back. They made it simple.
Just use a VPN. An additional benefit: you can surf the internet privately on any McDonald’s WiFi. As soon as my devices leave my home WiFi they connect to my VPN. I keep using PiHole as DNS server and only my home ISP sees where my traffic goes.
Use a reverse proxy such as Ngrok or zrok.io. I work on the project behind zrok; it’s open source and the SaaS is free. Later on you could have the best of both worlds, private apps and yet public app experience with no client to load on your device. We achieve this with BrowZer, but it’s in beta atm - https://openziti.io/introducing-openziti-browzer
To be fair, I’m only looking to shy away from software VPNs so I can log into any computer or phone and get to my home server apps without having to install a program and download keys.
In short, if I’m at work I’d like to see my photos and listen to my music from the work PC, which won’t allow a VPN installation.
How do you make Tailscale point to the internal home network?
My Tailscale instance refuses to point to my home network, or see any of my file servers.
From this comment, “obscurity” should be on your list of tools. If you’re only going to access from a limited IP range (“at work”), identify your work computers’ range, and you could set your firewall to only allow inbound initiation from that range. It will *greatly* reduce the chances of scanners all over the web finding you.
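As an added example (not part of the thread): before switching on a source-range allowlist like the one suggested above, you can replay the reverse proxy's access log to see which clients the rule would admit and which it would drop. The allowed range (203.0.113.0/24, a documentation range standing in for the work network) and the log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumption: placeholder for the public range of the work network.
ALLOWED = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed sample lines in common log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.45 - - [12/Mar/2024:09:14:02 +0000] "GET /web/index.html HTTP/1.1" 200 5120
198.51.100.7 - - [12/Mar/2024:09:14:09 +0000] "GET /.env HTTP/1.1" 404 153
198.51.100.7 - - [12/Mar/2024:09:14:10 +0000] "GET /wp-login.php HTTP/1.1" 404 153
203.0.113.45 - - [12/Mar/2024:09:15:30 +0000] "GET /photos/ HTTP/1.1" 200 812
2001:db8::1f - - [12/Mar/2024:09:16:41 +0000] "GET / HTTP/1.1" 200 340
not a log line
"""

# Client address, then the request method and path.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)')

def is_allowed(addr, networks=ALLOWED):
    """True if addr (IPv4 or IPv6 text) falls inside any allowed network."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on garbage
    return any(ip.version == net.version and ip in net for net in networks)

def audit(log_text, networks=ALLOWED):
    """Return (allowed_hits, Counter of would-be-blocked sources, unparsed lines)."""
    allowed, blocked, unparsed = 0, Counter(), 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1
            continue
        try:
            ok = is_allowed(m.group(1), networks)
        except ValueError:
            unparsed += 1  # first field was not an IP address
            continue
        if ok:
            allowed += 1
        else:
            blocked[m.group(1)] += 1
    return allowed, blocked, unparsed

if __name__ == "__main__":
    hits, blocked, bad = audit(SAMPLE_LOG)
    print(f"allowed requests: {hits}, unparsed lines: {bad}")
    for src, n in blocked.most_common():
        print(f"would be dropped: {src} ({n} requests)")
```

An IPv6 client shows up as dropped here because the allowlist only holds an IPv4 range; if the server is reachable over IPv6, the firewall needs a matching IPv6 rule as well.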
Depending on your employer, your IP may well be blacklisted, or rather not whitelisted as valid. Especially if they use firewalls like Palo Alto.
If they don’t allow a VPN, use an SSH tunnel.
You have to enable the subnet router functionality in the node inside your network.
Ooooh, I assumed Tailscale was just a point-to-point VPN, like Hamachi. I couldn’t get it to do what I wanted so I switched to WireGuard.