Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
-
No low-effort posts. This is subjective and will largely be determined by the community member reports.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
view the rest of the comments
Have you considered Cloudflare Tunnels/Zero Trust. When you use Cloudflare Tunnels/Zero Trust, you don't need to fiddle with NAT, open any ports, in fact you don't need any open ports. You just install Cloudflare Tunnels/Zero Trust on your server, connect to your Cloudflare Tunnels/Zero Trust account, and Cloudflare does the rest. To deploy Cloudflare Tunnels/Zero Trust you will need a domain name. Cloudflare will sell you a domain name but I think most get something cheap from NamesCheap or Pork Bun. When you have secured a domain name, switch the nameservers to the ones that Cloudflare assigns you. Jacks a doughnut, Bob's your uncle.
ETA: Obviously you'll need port 22 for administration.
sudo ufw default deny incoming
sudo ufw default allow outgoing
Ngl, with how often I just read "Cloudflare Tunnels/Zero Trust" this sounds like an ad.
A shitty ad like Chuck Testa.
I recommend what works well for me. I assume others are doing the same. It's a big umbrella. We can all coexist.
I think this is an excellent suggestion. I used Cloudflare tunnels until recently, and it was very effective. However, I stopped because of a minor issue, which I'll mention in case its a deal breaker for anyone.
Technically, using Cloudflare tunnels for Jellyfin is a ToS violation. You're only allowed to do so if you have an enterprise account, which is quite expensive.
I heard from a "friend of a friend" that everyday users don't need to worry about this. Cloudflare are aware of people using tunnels with Jellyfin and they aren't fussed. The rule is supposedly there to combat large scale piracy.
However, I have heard that cloudflare does decide to start caring if they can use jellyfin use as an extra excuse to kick anybody involved in other ToS violations.
In all likelihood, this won't be a problem for you. While I used tunnels, they worked perfectly. However, given that you are going to go to the effort of sorting out some level of infrastructure for yourself, its something to keep in mind.
I've heard people say this, and I've heard people say you can't stream music. Tho I do not run the 'arr stack or Jellyfin, I do run Navidrome almost 24/7/365. But it's something to keep in mind.
ETA: I am the sole user
Yeah, but if my server is in the local network, I have potential threat that someone will access my lan through public server
Well, you could do network segmentation:
Utilize UFW rules. Mine are:
sudo ufw default deny incoming
sudo ufw default allow outgoing
Anywhere ALLOW IN 192.168.1.0/24
22 ALLOW IN 192.168.1.0/24
22 on tailscale0 ALLOW IN Anywhere
22 (v6) on tailscale0 ALLOW IN Anywhere (v6)
Also:
So now I have SSH capability locally and through Tailscale installed on the server and this prevents the server from initiating connections to other LAN devices. You can do alot with UFW and Fail2Ban in conjunction with Cloudflare Tunnels/Zero Trust.