Given the repeat questions you can find here on basics, it’s kind of surprising there doesn’t appear to be a commonly shared FAQ, website, or book going over some of the basics.
E.g. ways to safely connect to home servers over the internet while away, when it may be better to spin up services on a VPS instead, etc.
Have I been overlooking some shared text-based resource concerning the subject, or…?
Also fwiw I did look at the sidebar links, and the awesome-sysadmin link has links to sections for blogs/books, but as of writing this, they were empty sections.
https://esc.sh/projects/devops-from-scratch/ is a good resource. Most questions you have (that are more specific) are easily searchable on the internet.
ways to safely connect to home servers over the internet while away
A couple methods include :
- Installing Wireguard on the host machine
- Reverse-proxying with a VPS
- Cloudflare zero-trust tunnel
when it may be better to spin up services on a VPS instead
Most services you probably won’t need a VPS to do, but off the top of my head a couple services which would be better hosted (not saying self-hosting them on your own hardware is bad) would be services which proxy a service. Example SearxNG, Invidious, Proxitok, etc. This is so that traffic can be shared among multiple users, and not linked back to your home IP.
https://esc.sh/projects/devops-from-scratch/ is a good resource. Most questions you have (that are more specific) are easily searchable on the internet.
Thanks, however while there are some rough notes in the Github link, it looks like this is primarily a series of videos? I was asking for text resources as I prefer those for a variety of reasons, and in this specific case it’s because it’s much easier to copy over any referenced scripts and clearly read commands mentioned.
What’s the consensus on Cloudflare tunneling?
It’s pretty good. I understand and somewhat agree with the concerns about concentrating the web around one company, but tunnels is simply a great product. So convenient for running services behind CGNAT or dynamic IP without good port forwarding options, and it’s just set and forget. If there was an alternative that good I’d use it.
I’ve been using it too, it’s really good and largely transparent. Of course, you can only expose HTTP traffic and you can’t use your own certificates unless you pay (so *.*.domain.tld domains or deeper are a no go on the free plan), but for just normal self hosting it’s the perfect solution.
I think for most people it becomes a trade off decision. Do you want to expose ports and potentially open your home to attacks but keep all traffic privately encrypted (if using SSL) and yours? Or do I keep my home unexposed but delegate trust and traffic flow to Cloudflare essentially and potentially allowing them to see my traffic?
For me it depends on the service. Nothing too sensitive or personal or already publicly available? Then Cloudflare tunnel coupled with Nginx Proxy Manager.
Highly sensitive and personal? Then do I really need to expose it to the internet? Most of the time it’s no or a VPN can be used to access those resources.
Something in between? I’d consider forwarding ports and use Nginx Proxy Manager for SSL.
For some people, exposing or forwarding ports isn’t even an option due to ISPs CGNATs, not allowed, etc. In those cases Cloudflare shines and it’s the most feasible solution.
My 0.02 cents
Hypothetically, let’s say you’ve got a subscription to NordVPN for several months and don’t want to cancel it because you’re super cheap. Also, let’s say (hypothetically) you’re looking into self hosting ALL of your stuff for remote devices when you’re out of town. How would you do it?
I was converting an old XP computer into a server, but have only done preliminary research.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters CGNAT Carrier-Grade NAT HTTP Hypertext Transfer Protocol, the Web IP Internet Protocol NAT Network Address Translation SSL Secure Sockets Layer, for transparent encryption VPN Virtual Private Network
[Thread #14 for this sub, first seen 9th Aug 2023, 03:45] [FAQ] [Full list] [Contact] [Source code]
Good bot