Selfhosted

40042 readers

879 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago

MODERATORS

[email protected]

Secure portal between Internet and internal services (lemmy.world)

submitted 5 months ago by [email protected] to c/[email protected]

5 comments fedilink hide all child comments

I thought I was going to use Authentik for this purpose but it just seems to redirect to an otherwise Internet accessible page. I'm looking for a way to remotely access my home network at a site like remote.mywebsite.com. I have Nginx proxy forwarding with SSL working appropriately, so I need an internal service that receives the traffic, logs me in, and passes me to services I don't want to expose to the Internet.

My issue with Authentik is if I need to access questionable internal websites I have to make an Internet accessible subdomain. I don't want authentik.mywebsite.com to redirect to totallyillegal.mywebsite.com. I want it to redirect to 10.1.1.30:8787.

Is there anything that does that?

all 7 comments

sorted by: hot top controversial new old

[–] [email protected] 2 points 5 months ago

Why not run a wire guard server? If you need to access internal things connect to your wire guard server.

[–] [email protected] 1 points 5 months ago (1 children)

Cloudflare tunnel is an option, you can even scrap your own nginx

[–] [email protected] 1 points 5 months ago* (last edited 5 months ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters	More Letters
DNS	Domain Name Service/System
HTTP	Hypertext Transfer Protocol, the Web
IP	Internet Protocol
SSO	Single Sign-On
VPN	Virtual Private Network
nginx	Popular HTTP server

[Thread #751 for this sub, first seen 16th May 2024, 06:35] [FAQ] [Full list] [Contact] [Source code]

[–] [email protected] 0 points 5 months ago* (last edited 5 months ago) (1 children)

The exact setup can be achieved by tailscale, a not really known feature is you can point your domain to the, tailscale IP (new ip assigned by tailscale), and it will act just like a normal hosting setup.

Advantage, any device or someone who you do not pre approve can't see anything if they go to the domain and subdomain. They only work if you are connected and authenticated to tailscale network. I have a similar setup, if you need more pointers please ping me.

[–] [email protected] -1 points 5 months ago

I ended up going with tailscale. Every other option exposed my secret services to the Internet, even if behind a password. Tailscale was ridiculously easy to set up too. The docker compose I used had Heimdall in it too so I was able put all my links on there. Procedure is connect with tailscale app -> go to http://illegalshit -> click/tap on relevant link. I might pull back on my Nginx proxy targets and port forwards for this more secure system.

What happens if tailscale goes down though?