ive anabled a port forward on port 80 (TCP/UDP) to my server, but i still cant acess it. i know its unsafe to just open a port like that, this is temporary, just wanna see if it works. ill put a reverse proxt and https on it later
I’m kinda weirded out by all the people suggesting a VPN here.
Like – if you’re hosting Nextcloud, Jellyfin, etc and you want friends/family to use it, having them VPN into shit is a hurdle that none of them are going to overcome.
You need to make sure you’re not behind CGNAT first, if not, don’t use Nextcloud on port 80, put it on another port, and then open that port to the outside world.
Just be aware, you REALLY want these things to be isolated from your home environment if you’re going to host them, and you NEED to be on some sort of CVE notification list for the software you currently use. Not all CVEs are “YOU MUST UPGRADE NOW”, but some of them can be pretty severe.
I’ve set up fail2ban on my isolated network, and it does a pretty good job of banning any IPs that are probing for things. So much so that I’ve accidentally locked myself out of my own network a few times, lol
IF you ARE behind a CGNAT - what you’ll want to do is likely rent the cheapest VPS you can find, and then set up a VPN not on the VPS, but on your home network, and have the VPS be your public entry point to the network, as it will have a public facing IP and can mask your home IP address. – https://github.com/fractalnetworksco/selfhosted-gateway
Edit: THEN - once you’ve accomplished all that, you’ll probably want to buy a domain name, and reverse-proxy subdomains to forward to the services on specific ports.
Please set up Tailscale or a Wireguard VPN before you start forwarding ports on your router.
Your configuration as you have described it so far is setting yourself up for a world of hurt, in that you are going to be a target for hackers from literally the entire world.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !selfhosted@lemmy.world
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
If you want to be very secure, host a VPN and don’t open any ports besides the VPN port. Then access anything as though you’re on LAN.
I’m kinda weirded out by all the people suggesting a VPN here.
Like – if you’re hosting Nextcloud, Jellyfin, etc and you want friends/family to use it, having them VPN into shit is a hurdle that none of them are going to overcome.
You need to make sure you’re not behind CGNAT first, if not, don’t use Nextcloud on port 80, put it on another port, and then open that port to the outside world.
Just be aware, you REALLY want these things to be isolated from your home environment if you’re going to host them, and you NEED to be on some sort of CVE notification list for the software you currently use. Not all CVEs are “YOU MUST UPGRADE NOW”, but some of them can be pretty severe.
I’ve set up fail2ban on my isolated network, and it does a pretty good job of banning any IPs that are probing for things. So much so that I’ve accidentally locked myself out of my own network a few times, lol
IF you ARE behind a CGNAT - what you’ll want to do is likely rent the cheapest VPS you can find, and then set up a VPN not on the VPS, but on your home network, and have the VPS be your public entry point to the network, as it will have a public facing IP and can mask your home IP address. – https://github.com/fractalnetworksco/selfhosted-gateway
Edit: THEN - once you’ve accomplished all that, you’ll probably want to buy a domain name, and reverse-proxy subdomains to forward to the services on specific ports.
Please set up Tailscale or a Wireguard VPN before you start forwarding ports on your router.
Your configuration as you have described it so far is setting yourself up for a world of hurt, in that you are going to be a target for hackers from literally the entire world.