Hello everyone :D
I’m looking to host some gaming servers to play with my friends (minecraft, enshrouded, and others), and some apps (paperless-ng, jellyfin, seafile, etc.). Each game server must be accessible from the Internet, but only certain applications will be accessible (jellyfin, etc.)
I don’t want to open any ports on my router or share my public IP. I already have a domain name, and I’m thinking of using some VPS to host a reverse proxy with tailscale or netbird.
For the VPS, I’m thinking of using OVH with unlimited bandwidth. I already have the domain name here, and I live in France where the servers are.
A few questions :
Reverse proxy :
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
Resources:
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
Using a VPN (like Tailscale or Netbird) will make setup very easy, but probably a bit slower, because they probably connect through the VPN service’s infrastructure.
My recommended approach would be to use a directly connected VPN, like OpenVPN, that just has two nodes on it – your VPS, and your home server. This will bypass the potentially slow infrastructure of a commercial VPN service. Then, use iptables rules to have the VPS forward the relevant connections (TCP port 80/443 for the web apps, TCP/UDP port 25565 for Minecraft, etc.) to the home server’s OpenVPN IP address.
My second recommended approach would be to use a program like openbsd-inetd on your VPS to forward all relevant connections to your real IP address. Then, open those ports on your home connection, but only for the VPS’s IP address. If some random person tries to portscan you, they will see closed ports.
I’m going to try your first approach, which seems to be what I want.
The second one looks tempting, but the first one seems to be more secure, I think.
cloudflare tunnel?
Stick the cloudflare container in a docker network with other services you wish to expose for access.
This can be a solution, but only for game servers, and I’m just going to use Tailscale or Netbird for apps.
From what I can see, it’s possible to use this for playing Minecraft with this mod, modflared. Not the best solution, but a working one (I hope).
Why? I use tunnels for everything, all sorts of apps included. They’re easy to set up, and reliable.
Tailscale is a good solution, though. I use that as well.
I don’t know if this is paranoia, but I don’t read good things on Cloudflare for privacy.
And after some thinking, using OVH VPS is not the best thing to do for privacy…
You got me 😂
They’ve had some security breaches, like most companies. If you’re feeling paranoid, do some reading on nginx vulnerabilities.
Exposing your home servers to the Internet is always risky. There is no 100% safe way to do it.