• 0 Posts
  • 2 Comments
Joined 1 year ago
cake
Cake day: June 13th, 2023

help-circle

  • If something doesn’t absolutely have to be public, then hosting a VPN or using tailscale (or if you prefer something self-hosted, nebula) can be good too.

    If you DO want the application(s) to be public, then something I tried in the past that worked well:

    I set up on a super cheap VPS and then set up a tunnel (using nebula) to a VM in my homelab. I made sure to configure nebula networking so as to only allow the VM and VPS.

    Both the VPS and the VM were set up to allow only SSH using an ssh key. I threw on fail2ban for the VPS for good measure. It’s scary seeing just how many bots attempt to log in the logs.

    On the VPS, I installed nginx proxy manager and configured URLs on the nginx proxy manager to redirect each to different ports on the VM where apps (like nextcloud, an xmpp server etc) were running in docker.

    Doing things that way you’re only using the VPS as a HTTP/TCP proxy to the server in your home, not actually using VPS storage/processing power beyond the bare minimum for running nginx.