Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
view the rest of the comments
How do you not do that? It's all in your local network, how would it not work offline..?
I have everything connected over Tailscale, and strictly only use IPs delegated through this system. So i realise now that I have to step away from that if I want to make it work locally :P
Why would you run local traffic over the VPN?
When I first got into self-hosting I started out using Tailscale, at that point i didn't know better and figured it was all or nothing. It has actually worked flawlessly to be fair. Probably not the best or smartest decision of my life. But am now slowly wanting to turn to just a clean WireGuard setup.
the best way to learn is by doing!
You should still be able to access everything through tailscale once you switch everything over to use local IP addresses.
Talescale proper gives you an external dependency (and a lot of security risk), but the underlying technology (wireguard) does not have the same limitation. You should just deploy wireguard yourself; it's not as scary as it sounds.
Do you by any chance faces a guide on how to get that running?
I just built my own automation around their official documentation; it's fantastic.
https://www.wireguard.com/#conceptual-overview
https://www.wireguard.com/install/
https://www.wireguard.com/quickstart/
What is the issue with the external dependency? I would argue that consumer routers have near universal shit security, networking is too complex for the average user, and there's a greater risk opening up ports and provisioning your own VPN server (on consumer software/hardware). The port forwarding and DDNS are essentially "external dependencies".
Mesh VPN clients are all open source. I believe Tailscale are currently implementing a feature where new devices can't connect to your mesh without pre-approval from your own authorized devices, even if they pass external authentication and 2FA (removing the dependency on tailscale servers in granting authorization, post-authentication).
vyatta and vyatta-based (edgerouter, etc) I would say are good enough for the average consumer. If we're deep enough in the weeds to be arguing the pros and cons of wireguard raw vs talescale; I think we're certainly passed accepting a budget consumer router as acceptably meeting these and other needs.
Also you don't need port forwarding and ddns for internal routing. My phone and laptop both have automation in place for switching wireguard profiles based on network SSID. At home, all traffic is routed locally; outside of my network everything goes through ddns/port forwarding.
If you're really paranoid about it, you could always skip the port-forward route, and set up a wireguard-based mesh yourself using an external vps as a relay. That way you don't have to open anything directly, and internal traffic still routes when you don't have an internet connection at home. It's basically what talescale is, except in this case you control the keys and have better insight into who is using them, and you reverse the authentication paradigm from external to internal.
WTF? What galaxy are you from? Literally zero average consumers use that. They use whatever router their ISP provides, is currently advertised on tech media, or is sold at retailers.
I'm not talking about budget routers. I'm talking about ALL software running on consumer routers. They're all dogshit closed source burn and churn that barely receive security updates even while they're still in production.
That is literally the recommended config for consumer Tailscale and any mesh VPN. Do you even know how they work? The "external dependency" you're referring to — their servers — basically operate like DDNS, supplying the DNS/routing between mesh clients. Beyond that all comms are P2P, including LAN access.
Everything else you mention is useless because Tailscale, Nebula, etc all have open source server alternatives that are way more robust and foolproof to rolling your own VPS and wireguard mesh.
My argument is that "LAN access" — with all the "smart" devices and IoT surveillance capitalism spyware on it — is the weakest link, and relying on mesh VPN software to create a VLAN is significantly more secure than relying on open LAN access handled by consumer routers.
Just because you're commenting on selfhosted, on lemmy, doesn't mean you should recommend the most complex and convoluted approach, especially if you don't even know how the underlying tech actually works.
FYI ^ Sunny — I suggest you query your LAN routing config with Tailscale specific support, discord, forums, etc. I'm 99% certain you can fix your LAN access issues with little more than a reconfig.
Yeah that is true. Its just that it makes things so dead simple for other friends and family to join in on. Its defo something i need to re-evaluate.