I have several selfhosted services that I have been using for months, now I wish to access these while I am not at home. Likes of nextcloud, nocodb, wikijs and other media sharing self-hosted services
I would like to know what precautions should I take so no one knows that such a domain exists.
should I purchase a crazy numbered domain like 671341412312.com ? or should I go for .tk domains.
Would like to get some suggestions from this community on other aspects that I am missing.
VPN is the way to go. Could use this opportunity to upgrade your router. I bought a box from protectli and run OPNsense on it. There’s good documentation on how to set up a wireguard vpn, and the community is vibrant.
Its also nice because there’s lots of options so its a nice thing to grow and learn with.
This is my policy: For publicly accessible services like a website, I use a cloudflare tunnel. For restricted access to just a few users, I use a cloudflare tunnel and a cloudflare application to manage access authentication. For my exclusive restricted access to the infrastructure, I used tailscale.
I will also be using cloudlfared, but will have to look at tailscale. Really appreciate you mentioning
ZeroTeir (or a VPN) - if all you want is to access those services from outside your network
IMO - the only reason to put something “on the internet” is so that the entire “internet” can access it
this ^ I use ZeroTier, and then point subdomains under my personal domain name at the ZeroTier IP for each of my devices. Then I can use those hostnames but no one else can, and name based virtual hosting is easy via wildcard sub-sub-domains
For example plex.desktop.mydomain.com -> *.desktop.mydomain.com -> desktop.mydomain.com -> 10.x.x.x
If you go with a cert try to get a star cert that way you make it a little bit harder for hackers to find your subdomains.
Seriously as everyone suggests: use tailscale or another VPN. Tailscale is incredbly easy to setup.
Warning: tk domains registrar has 0 GDPR.
Might be irrelevant now, but I didn’t managed to delete my data once I wanted out
I never really understood the concept behind their free domains, but I never purchased a free/cheap domain after my first experience of getting charged 2-3 times for renewal.
However, are you talking about deletion of your personal data or your website data ?
Personal data.
They also moved a free domain that I have let expire to the paid ones, so if I wanted to renew I would have to pay… Which is kind of fair… They should also make money from somewhere…
When buying a domain read all the details: renewal fee are mentioned there. For me they were turnoffs in some cases.
I now have a .ovh as a cheap alternative. Iirc they are dirt cheap when you reserve the domain for 3 years…
Try using Tailscale. It’s easy to use & free for personal use. It will only allow devices with Tailscale installed to view your self-hosted services. They have clients for mobile devices, PC’s, Mac’s and even Apple TV etc. Their technology is based on Wireguard so it’s very fast and secure.
6 to 9 digit .xyz domains are only around $1 a year, every year. That’s what I did and definitely recommend it. You can read more here.
- install opnsense
- set up geoip block where only IPs from your own country can ever initiate connection from the outside
- keep your stuff up to date
- enjoy security
Use tailscale
Crazy number domain doesn’t provide any security but you can buy a 1.111B class .XYZ domain for as cheap as 0,62USD a year
VPN would be the quick and dirty
If it’s just select items, an service like azure app proxy maybe
this is what i did. a 10 CHAR domain of only numbers with .win
Free domains such as .tk or .cf are scanned by various bots as soon as they are created. I remember when I created a domain and forwarded it to my server. The spam and attacks that subsequently hit my server were very high. Significantly higher than with a domain that I paid for.
I therefore strongly recommend staying away from these free domains.
Good luck with your project :)
Use cloudflared and Cloudflare Zero Trust / Access. You tunnel your services to Cloudflare, who then secures them behind a 2FA wall. No traffic ever goes to anyone aside from you.