I have several self-hosted services that I have been using for months, and now I wish to access these while I am not at home: the likes of Nextcloud, NocoDB, Wiki.js and other media-sharing self-hosted services.
I would like to know what precautions I should take so no one knows that such a domain exists.
Should I purchase a crazy numbered domain like 671341412312.com, or should I go for .tk domains?
Would like to get some suggestions from this community on other aspects that I am missing.
VPN is the way to go. Could use this opportunity to upgrade your router. I bought a box from Protectli and run OPNsense on it. There’s good documentation on how to set up a WireGuard VPN, and the community is vibrant.
It’s also nice because there are lots of options, so it’s a nice thing to grow and learn with.
VPN would be the quick and dirty
If it’s just select items, a service like Azure App Proxy maybe
If the domain isn’t critical if it changes, you could use freedns.afraid.org.
I’ve been using the free version for over a decade (but did donate recently). A couple of domains have come and gone, so I’ve had to pick new ones, but it’s not a big deal.
For just yourself? Get a domain that you can actually remember and use and then set up a WireGuard server (I recommend the Linuxserver.io WireGuard image)
Use that to access your stuff
Do you have 1 thing you desperately need to be publicly accessible? VLAN the VM off so it’s on its own and put a reverse proxy in front of it with HTTPS (and ideally MFA if you need auth)
This is what I did. A 10 CHAR domain of only numbers with .win
Isn’t this what VPNs were invented for?
Use cloudflared and Cloudflare Zero Trust / Access. You tunnel your services to Cloudflare, who then secures them behind a 2FA wall. No traffic ever goes to anyone aside from you.
I use WireGuard for most stuff. My Nextcloud instance is open though because I like to upload photos I take pretty quickly to keep a backup
Cloudflare / cloudflared. No ports exposed, static or dynamic IPs do not matter.
Seriously, as everyone suggests: use Tailscale or another VPN. Tailscale is incredibly easy to set up.
Use tailscale
Free domains such as .tk or .cf are scanned by various bots as soon as they are created. I remember when I created a domain and forwarded it to my server. The spam and attacks that subsequently hit my server were very high. Significantly higher than with a domain that I paid for.
I therefore strongly recommend staying away from these free domains.
Good luck with your project :)
This is my policy: For publicly accessible services like a website, I use a Cloudflare tunnel. For restricted access to just a few users, I use a Cloudflare tunnel and a Cloudflare application to manage access authentication. For my exclusive restricted access to the infrastructure, I used Tailscale.
I will also be using cloudflared, but will have to look at Tailscale. Really appreciate you mentioning
If you go with a cert, try to get a star cert; that way you make it a little bit harder for hackers to find your subdomains.
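Added example, not part of any comment in this thread: the star-cert advice above rests on the fact that every publicly trusted certificate is recorded in Certificate Transparency logs, so a per-host certificate publishes the hostname while a wildcard publishes only `*.parent`. The sketch below audits your own hostnames against a CT export; the domain `home.example`, the sample records and the assumption that the export follows crt.sh's JSON shape (`name_value` holding newline-separated names) are all constructed for illustration.

```python
import json

# Constructed sample, shaped like crt.sh JSON output (assumption: one object per
# logged certificate, with its names newline-separated in "name_value").
SAMPLE_CT_JSON = json.dumps([
    {"id": 1, "name_value": "nextcloud.home.example"},
    {"id": 2, "name_value": "wiki.home.example\nhome.example"},
    {"id": 3, "name_value": "*.home.example\nhome.example"},
])


def names_in_ct(ct_json, apex):
    """Return (exact_names, wildcard_names) logged at or under `apex`."""
    exact, wildcards = set(), set()
    for entry in json.loads(ct_json):
        for name in entry.get("name_value", "").splitlines():
            name = name.strip().lower().rstrip(".")
            if name != apex and not name.endswith("." + apex):
                continue  # certificate also covers unrelated names; skip them
            (wildcards if name.startswith("*.") else exact).add(name)
    return exact, wildcards


def covered_by(host, wildcard):
    """A wildcard matches exactly one extra label: *.a.b covers x.a.b only."""
    _, _, parent = host.partition(".")
    return parent == wildcard[2:]


def audit(ct_json, apex, hosts):
    """Classify each of your hostnames by what the CT log reveals about it."""
    exact, wildcards = names_in_ct(ct_json, apex)
    report = {}
    for host in (h.lower() for h in hosts):
        if host in exact:
            report[host] = "listed"          # hostname is public in CT
        elif any(covered_by(host, w) for w in wildcards):
            report[host] = "wildcard-only"   # only *.parent is public
        else:
            report[host] = "absent"          # no logged cert covers it
    return report


if __name__ == "__main__":
    mine = ["nextcloud.home.example", "wiki.home.example",
            "nocodb.home.example", "db.lab.home.example"]
    for host, status in audit(SAMPLE_CT_JSON, "home.example", mine).items():
        print(f"{host:28} {status}")
```

CT logs are append-only, so a hostname that was ever issued its own certificate stays `listed` even after you switch to a wildcard; only names that never had a per-host certificate benefit.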
6 to 9 digit .xyz domains are only around $1 a year, every year. That’s what I did and definitely recommend it. You can read more here.