Self Hosted - Self-hosting your services.

15362 readers

14 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules

No harassment
crossposts from c/Open Source & c/docker & related may be allowed, depending on context
Video Promoting is allowed if is within the topic.
No spamming.
Stay friendly.
Follow the lemmy.ml instance rules.
Tag your post. (Read under)

Important

Lemmy doesn't have tags yet, so mark it with [Question], [Help], [Project], [Other], [Promoting] or other you may think is appropriate. This is strongly encouraged!

Cross-posting

!everything_git@lemmy.ml is allowed!
!docker@lemmy.ml is allowed!
!portainer@lemmy.ml is allowed!
!fediverse@lemmy.ml is allowed if topic has to do with selfhosting.
!selfhosted@lemmy.ml is allowed!

If you see a rule-breaker please DM the mods!

founded 4 years ago

MODERATORS

Zoe8338@lemmy.ml

dogmuffins@lemmy.ml

testman@lemmy.ml

[Question] Why should I not open ports to the internet on my home router? (lemmy.world)

submitted 1 week ago by Auth@lemmy.world to c/selfhost@lemmy.ml

25 comments fedilink hide all child comments

I'm in the process of setting up homelab stuff and i've been doing some reading. It seems the consensus is to put everything behind a reverse proxy and use a vpn or cloudflare tunnel.

I plan to use a VPN for accessing my internal network from outside and to protect less battle tested foss software. But I feel like if I cant open a port to the internet to host a webserver then the internet is no longer a free place and we're cooked.

So my question is, Can I expose webserver, SSH, WireGuard to the internet with reasonable safety? What precautions and common mistakes do I need to watchout for.

you are viewing a single comment's thread
view the rest of the comments

[+] slackness@lemmy.ml 3 points 1 week ago* (last edited 3 days ago) (3 children)

[deleted]

[–] thecoffeehobbit@sopuli.xyz 2 points 1 week ago (2 children)

This post considers the situation where you expose your ports to the internet, on the edge of your residential network, for example by setting your router to forward requests with port 443 to a certain host in your network. In this case you do have a public ip address and the configured port on your home server is now reachable from the internet. This is different from just exposing a port on a machine inside a residential network for local use.

[–] Auth@lemmy.world 1 points 3 days ago (1 children)

If you set your router to only forward traffic from port 443 to a certain host does this drop all non port 443 traffic to that host?

[–] thecoffeehobbit@sopuli.xyz 2 points 3 days ago

I'd expect so, but you'll need to test with your exact router model how it behaves. Some have a 'DMZ' function that you can use to pass all ports to a certain host. I use it to expose the WAN interface of my opnsense router to the internet through the ISP router. Then I can fine tune the open ports further in opnsense which is better designed for that than the usual ISP box.

[–] MangoPenguin@lemmy.blahaj.zone 2 points 1 week ago

If a port is forwarded in NAT and an application is listening, outside traffic can reach it directly without the application needing to initiate a connection first.

[–] bjoern_tantau@swg-empire.de 2 points 1 week ago (1 children)

The application doesn't have to actively reach outside, just to listen at that port. If there is no application listening an open port does nothing. Though a port can really only be called open if an application is listening.