How do you access your #selfhosted services remotely?
I've been port forwarding to services like #nextcloud and #homeassistant for years whether directly or currently through a reverse proxy setup, but I'm thinking about alternative options.
Any advice?
=> More informations about this toot | More toots from GreyLinux@fosstodon.org
@GreyLinux Tailscale all the way!
=> More informations about this toot | More toots from spiritedpause@fosstodon.org
@spiritedpause yeah Tailscale is definitely something I've heard a lot about recently. It might be time for me to look into it seriously.
=> More informations about this toot | More toots from GreyLinux@fosstodon.org
@GreyLinux @spiritedpause Tailscale plus one!
=> More informations about this toot | More toots from stfn@fosstodon.org
@GreyLinux
By "more complex" I mean "far simpler" and selfhost things I want to access remotely on a public IP.
=> More informations about this toot | More toots from maswan@mastodon.acc.sunet.se
@GreyLinux
For #HomeAssitant #wireguard is easy as it's an add-on. #tailscale as well, in fact both work just fine, though I've stuck to wireguard for HA
=> More informations about this toot | More toots from Minty95@fosstodon.org
@Minty95 wow, I didn't know there was an add-on for Home Assistant, this might change things.
Thanks for the tip.
=> More informations about this toot | More toots from GreyLinux@fosstodon.org
@GreyLinux Dynamic DNS (with IPv6, so when I'm home, the traffic becomes completely local) behind a reverse proxy which does SSL/TLS termination and enforces SSL client certificates for added security on top of whatever auth the service does.
Sounds more complicated than it is and works well for me.
=> More informations about this toot | More toots from larsmb@mastodon.online
@larsmb I'm quite fortunate to have a static IP, but similar to you I have most services going through the reverse proxy, except my TURN server port range for Nextcloud Talk.
=> More informations about this toot | More toots from GreyLinux@fosstodon.org
@GreyLinux I use @tailscale to mesh all of my machines together. Most services listen only on the machine's tailnet IP (exceptions: #HomeAssistant , Omada controller, nginx).
Nginx serves as an internal proxy for services that don't have auth or things that family needs access to without Tailscale installed. That same machine also serves as a subnet router so I can access private local IPs from remote machines on the tailnet.
=> More informations about this toot | More toots from zrail@hachyderm.io
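An added example, not part of the thread: one way to check the "services listen only on the machine's tailnet IP" setup described in the post above, by auditing `ss -tlnH` output for listeners bound outside Tailscale's address ranges. The sample output, the helper names and the allowed-port set are assumptions made for illustration.

```python
import ipaddress

# Address ranges Tailscale assigns to tailnet nodes (CGNAT IPv4 block, IPv6 ULA prefix).
TAILNET_NETS = [ipaddress.ip_network("100.64.0.0/10"),
                ipaddress.ip_network("fd7a:115c:a1e0::/48")]

# Constructed sample of `ss -tlnH` output; not taken from the thread.
SAMPLE_SS = """\
LISTEN 0 4096 100.101.102.103:8080 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 4096 [::]:8123 [::]:*
LISTEN 0 4096 [fd7a:115c:a1e0::1234]:9090 [::]:*
LISTEN 0 128 192.168.1.10:8043 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 4096 *:9100 *:*
"""

def classify(addr):
    """Return 'wildcard', 'loopback', 'tailnet' or 'other' for a bind address."""
    host = addr.strip("[]").split("%")[0]   # drop brackets and any %iface scope
    if host == "*":
        return "wildcard"
    ip = ipaddress.ip_address(host)
    if ip.is_unspecified:
        return "wildcard"
    if ip.is_loopback:
        return "loopback"
    if any(ip in net for net in TAILNET_NETS):
        return "tailnet"
    return "other"

def audit(ss_output, allowed_ports=frozenset()):
    """List (port, address, kind) for listeners reachable outside the tailnet."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        kind = classify(addr)
        if kind in ("wildcard", "other") and int(port) not in allowed_ports:
            findings.append((int(port), addr, kind))
    return sorted(findings)

if __name__ == "__main__":
    # Assumed exceptions: 443 for the proxy, 8123 (Home Assistant's default port).
    for port, addr, kind in audit(SAMPLE_SS, allowed_ports={443, 8123}):
        print(f"port {port} bound to {addr} ({kind}): not tailnet-only")
```

On a real host, feed `audit()` the output of `ss -tlnH` and list the deliberate exceptions in `allowed_ports`; anything still reported is a service bound more widely than intended.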
@zrail @tailscale so do you have any ports open on your router to WAN?
=> More informations about this toot | More toots from GreyLinux@fosstodon.org
@GreyLinux @tailscale Nope! If I want to share something with someone (which I do sometimes) I have them sign up for a Tailscale account and then share that specific machine/port with them. Usually I just share the proxy.
=> More informations about this toot | More toots from zrail@hachyderm.io
@zrail @tailscale interesting! Do you happen to run Nextcloud? And more specifically Nextcloud Talk?
=> More informations about this toot | More toots from GreyLinux@fosstodon.org
@GreyLinux @tailscale I don't but it looks neat! If I were going to host it and I had users that didn't want to / couldn't install Tailscale on their client I might look into funnel https://tailscale.com/kb/1223/tailscale-funnel/
=> More informations about this toot | More toots from zrail@hachyderm.io
@GreyLinux I was using the zero tier project for a while
=> More informations about this toot | More toots from JoeCotellese@jawns.club
@GreyLinux @wireguardvpn but I'm very close to trying out @tailscale #wireguard #tailscale #vpn
=> More informations about this toot | More toots from notnorm@fosstodon.org
@notnorm @wireguardvpn @tailscale interesting! Why would you switch? I take it you self host wireguard.
=> More informations about this toot | More toots from GreyLinux@fosstodon.org
@GreyLinux @wireguardvpn @tailscale Yeah, I #selfhost and I totally get why you're asking the question. Sometimes I want to give a family member some limited access and having to set up a wireguard peer on a non-technical user's device requires my manual intervention.
From what I hear about tailscale, even a non-technical user can set it up and connect to the main user's network. The only reason I haven't tested it out yet is the lack of selfhosted.
=> More informations about this toot | More toots from notnorm@fosstodon.org
@notnorm @GreyLinux @wireguardvpn @tailscale what about #HeadScale, a Rust implementation of the TailScale server?
It has been on my radar for a while, but no time for setting it up unfortunately
=> More informations about this toot | More toots from thepanz@phpc.social
@thepanz @GreyLinux @wireguardvpn @tailscale I also have this starred on GitHub and it has also been on my radar. I have to look more into it but I understood the benefit of tailscale to be its much larger node network.
With headscale, wouldn’t it be basically equivalent to a peer to server wireguard setup?
=> More informations about this toot | More toots from notnorm@fosstodon.org