Hi, Mastodon. I'm looking for some help with #selfhosted #homelab stuff; a jumping-off point for me to research from.

I keep hearing that it's a big security no-no to just forward ports to the relevant servers, but I don't really comprehend why; I used to port forward for game servers all the time. Can anyone scare me straight?

1/2

And how would I best get a domain to point to my own stuff safely so that I might have jellyfin.my.domain and matrix.my.domain, etc. for anything I want to host? Tailscale is frequently recommended, but it would be too big of a hurdle for my friend group to get on a server for a Discord replacement, and I understand services like Cloudflare don't want me to use their services to access Jellyfin.

2/2

@ampersandrew For convenient subdomains there are a couple good options that aren't terribly difficult.
A VPS + tunnel is probably best - you get a cheap VPS, point your DNS at it, and connect the VPS back to your home server via a tunnel - Tailscale is an easy one. Your home IP is never public and friends just get a nice URL, no Tailscale on their end.
@Andrew Excellent. Thanks! In what way is a Tailscale funnel less flexible? And I'm guessing that there are a number of VPS providers I should look into? Will any of them come with bandwidth limits or other gotchas to look out for?
@ampersandrew Nah, the bandwidth limits are generally huge. I use Contabo, though I hear Hetzner recommended a lot. I think a Tailscale funnel only gives you like 3 specific ports and it can be harder to pair with a personal domain if you wanted that.
@Andrew Thanks! I've got some homework to do, for sure, but this shrinks the possibility space down to something considerably more manageable.