Hello everyone :D
I’m looking to host some gaming servers to play with my friends (minecraft, enshrouded, and others), and some apps (paperless-ng, jellyfin, seafile, etc.). Each game server must be accessible from the Internet, but only certain applications will be accessible (jellyfin, etc.)
I don’t want to open any ports on my router or share my public IP. I already have a domain name, and I’m thinking of using some VPS to host a reverse proxy with tailscale or netbird.
For the VPS, I’m thinking of using OVH with unlimited bandwidth. I already have the domain name here, and I live in France where the servers are.
A few questions :
Reverse proxy :
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
Resources:
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
Using a VPN (like Tailscale or Netbird) will make setup very easy, but probably a bit slower, because they probably connect through the VPN service’s infrastructure.
My recommended approach would be to use a directly connected VPN, like OpenVPN, that just has two nodes on it – your VPS, and your home server. This will bypass the potentially slow infrastructure of a commercial VPN service. Then, use iptables rules to have the VPS forward the relevant connections (TCP port 80/443 for the web apps, TCP/UDP port 25565 for Minecraft, etc.) to the home server’s OpenVPN IP address.
My second recommended approach would be to use a program like openbsd-inetd on your VPS to forward all relevant connections to your real IP address. Then, open those ports on your home connection, but only for the VPS’s IP address. If some random person tries to portscan you, they will see closed ports.
I’m going to try your first approach, which seems to be what I want.
The second one looks tempting, but the first one seems to be more secure, I think.