Hi, Mastodon. I'm looking for some help with #selfhosted #homelab stuff; a jumping-off point for me to research from.

I keep hearing that it's a big security no-no to just forward ports to the relevant servers, but I don't really comprehend why; I used to port forward for game servers all the time. Can anyone scare me straight?

1/2

And how would I best get a domain to point to my own stuff safely so that I might have jellyfin.my.domain and matrix.my.domain, etc. for anything I want to host? Tailscale is frequently recommended, but it would be too big of a hurdle for my friend group to get on a server for a Discord replacement, and I understand services like Cloudflare don't want me to use their services to access Jellyfin.

2/2

@ampersandrew For convenient subdomains there are a couple good options that aren't terribly difficult.
A VPS + tunnel is probably best - you get a cheap VPS, point your DNS at it, and connect the VPS back to your home server via a tunnel - tailscale is an easy one. Your home IP is never public and friends just get a nice URL, no tailscale on their end
@ampersandrew
Or alternatively, a Tailscale FUNNEL is even easier, though less flexible. You put Tailscale on your PC, then open a funnel to the tailnet that looks like pcname.mynet.ts.net. (Friends don't need Tailscale.) You're relying on Tailscale's servers as the relay, but you're no longer discoverable on the open web at least!
@Andrew Excellent. Thanks! In what way is a Tailscale funnel less flexible? And I'm guessing that there are a number of VPS providers I should look into? Will any of them come with bandwidth limits or other gotchas to look out for?
@ampersandrew nah, the bandwidth limits are generally huge. I use Contabo, though I hear Hetzner recommended a lot. I think a Tailscale funnel only gives you like 3 specific ports and it can be harder to pair with a personal domain if you wanted that
@Andrew Thanks! I've got some homework to do, for sure, but this shrinks the possibility space down to something considerably more manageable.
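
The VPS + tunnel layout suggested earlier in the thread, sketched as an added example that is not from any of the posters: nginx on the VPS terminates TLS for each subdomain and proxies over the tailnet to the home server, so the home router forwards no ports. Assumptions: nginx as the reverse proxy, a constructed tailnet address of 100.64.0.10 for the home server, Jellyfin on its default port 8096, a Matrix Synapse homeserver on its default port 8008, and placeholder certificate paths.

```nginx
# /etc/nginx/conf.d/homelab.conf on the VPS (included in the http context).
# DNS: jellyfin.my.domain and matrix.my.domain both point at the VPS public IP.
# 100.64.0.10 is a constructed tailnet address for the home server.

# Redirect plain HTTP to HTTPS for both names.
server {
    listen 80;
    server_name jellyfin.my.domain matrix.my.domain;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name jellyfin.my.domain;

    # Placeholder paths: use wherever your ACME client writes its files.
    ssl_certificate     /etc/ssl/placeholder/jellyfin.my.domain/fullchain.pem;
    ssl_certificate_key /etc/ssl/placeholder/jellyfin.my.domain/privkey.pem;

    location / {
        proxy_pass http://100.64.0.10:8096;   # Jellyfin, reached over the tunnel
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Jellyfin uses WebSockets for live client updates.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

server {
    listen 443 ssl;
    server_name matrix.my.domain;

    ssl_certificate     /etc/ssl/placeholder/matrix.my.domain/fullchain.pem;
    ssl_certificate_key /etc/ssl/placeholder/matrix.my.domain/privkey.pem;

    client_max_body_size 50m;                 # allow media uploads

    location / {
        proxy_pass http://100.64.0.10:8008;   # Synapse client API over the tunnel
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

On the home server, bind each service to the tailnet interface or firewall it to tailnet traffic only, so the VPS proxy is the single path in from the internet.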