Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam.
-
Posts here are to be centered around self-hosting. Please ensure it is clear in your post how it relates to self-hosting.
-
Don't duplicate the full text of your blog or git here. Just post the link for folks to click.
-
Submission headline should match the article title.
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
They all seem self hosted and I am not yet to the point where I feel at ease with that as it seems to be "exposed" (I don't really know what it means to be honest). I do intend to get into this kind of stuff later though.
Sure, sorry, you're in the selfhosted community, so I sent some self hosted options 😆 If you own one of the internet/wifi routers with Wireguard built in (FritzBox, MikroTik, etc...) that might be an option as well. Other than that, I never tried any of the more commercial options, so I don't know much about it.
I've been wanting to learn basic self hosting for a while but I don't really have the time to dig into it now (I have two young kids, a job that takes a lot of brandwitch, and brand new medical problems). I'm only in this situation because Jellyfin was waaaay to easy to setup locally so now I want more. It's all their fault.
In a few years I'll dig more, for myself and to be able to teach some basic tech literacy to my daughters when they grow up.
Take care. Yeah, some things are really easy. But then at some point it always gets nasty, there's a million details to learn and you can keep digging down pretty much forever 😆 If you're at some time in the position to do it as a hobby, there's ways to make it a bit less time consuming. We have some turnkey solutions. I sometimes recommend https://yunohost.org/ for people who just want to set up a server without dealing with all the low level stuff... But still, it's an entire hobby.
Uh, I never heard of Yunohost before but it actually seems awesome ! I bookmarked it. It might lead me to start with getting serious with selfhosting sooner than expected. The downside is that it will lead me to ask even more stupid questions to this community...
I was very skeptical because I didn't want to punch holes into that nice safe lan. Pangolin got me in the end after I left tail scale with its easy docker for a cheap vps (1GB ram) and its approach in general.
For example I am running my services locally in a docker via compose. I add a newt endpoint (pangolin talk) that is a docker container with some with info for my pangolin instance ton said compose and I have only the content of said docker compose connected via wireguard.
Next step is exposing a public resource where you choose a specific service and port to map to a public URL.
It is all so compartmentalized its fantastic and makes me feel good about that public service.
Securing that service itself is possible with an additional auth layer.
Setting up an OIDC provider isn't particularly difficult, but you'll have to run it as a publicly accessible server in order for tailscale to interact with it.
It looks like you can register at netbird.io with email and password.
In your shoes I'd setup that for now, and later look into OIDC or (probably better) into self-hosting nebula (or maybe netbird).
Netbird has a free tier that they host, It seems simple enough and it is open source! That's a lot of perks. I'll start by trying that !
You can create an accout using trow away gafam account. Create network, then invite yourself over email. When invited you can actually make an account using only passkey. So create second account with passkey, you can leave the invited-to network and create new one completely separately from the first one. You can delete the first account and the gafam account. Job done 😀 (and yes I did exactly this) 😀
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:
| Fewer Letters | More Letters |
|---|---|
| DNS | Domain Name Service/System |
| NAT | Network Address Translation |
| UDP | User Datagram Protocol, for real-time communications |
| VPN | Virtual Private Network |
4 acronyms in this thread; the most compressed thread commented on today has 10 acronyms.
[Thread #7 for this comm, first seen 9th Jun 2026, 20:20] [FAQ] [Full list] [Contact] [Source code]
You missed GAFAM and OIDC
I actually found it far easier to connect it through cloudflared tunnel service. Grab a cheap domain name through them and then just follow the guide on their website. Took me longer to type this message than it did to get running and I've managed to fail at setting up the Arr suite 3 times now despite it basically being copy paste.
I paid maybe 15 bucks total to have someone else doing all the hard work for the next 5 years and all I have to do is go to my website and log in. No VPN, no port forwarding, and it works on every platform.
worth mentioning the old TOS banned video streaming across cloudflare products, but I don't see a similar umbrella restriction in the current base terms, or in the terms of cloudflare zero trust.
also, make sure you have the rights to transmit the content and are not infringing anyone's intellectual property rights, ofc 😇
CF tunnels are a way to bypass NAT but they are not really secure. There's no authentication, just a WAF and some bot detection. It's not really comparable with a VPN or Tailscale.
Cloudflare tunnels have a zero trust option to them. You can authenticate through a number of sources, including arbitrary OIDC.
not true, you can enable authentication via CF Access
https://developers.cloudflare.com/cloudflare-one/access-controls/applications/http-apps/
Jellyfin and Cloudflare Tunnels/Zero Trust might present some problems. Yes, it will undoubtedly work, however, streaming video through Cloudflare Tunnels/Zero Trust is against the TOS. Now, I suspect that if you had one user, you'd probably slide by. 10 users streaming large video files at a sustained rate would probably raise a red flag. I stream audio through Cloudflare Tunnels/Zero Trust and have had no issues, tho I am the only user. There are other alternatives to Cloudflare Tunnels/Zero Trust such as NetBird, ZeroTier, Headscale, or Tailscale. Just something to consider.
I believe that's not in their terms for years now, at least in my untrained eyes
I've read blogs that talk about video streaming/TOS issues. Personally, I have had no issues. Just figured I'd throw it out there.
"As long as the media is not being distributed publicly or cached on Cloudflare's network, and you are only using Cloudflare to proxy encrypted traffic to your own origin server, this is acceptable use. Community thread quote ~ 2025
Cloudflare distinguishes between protected internal endpoints versus public-facing content delivery. The former is generally acceptable on free tiers when combined with Zero Trust authentication. There have been no updates to the TOS since this was posted:
.....so, my guess is that it's still in effect unless superseded by an update. However, it seems arbitrarily enforced searching reddit for data. Again, just a cautionary comment.
that section 2.8 was removed https://blog.cloudflare.com/updated-tos/
new terms https://www.cloudflare.com/terms/
I take back everything I said then. OP, just disregard the old head mumbling on about the past.
Thanks, everyone. That sounds like a viable option. Is it as secure as Tailscale in terms of privacy?
It's quite secure. Privacy depends on who you ask. Obviously Cloudflare will be handling your data which is something some selfhosters do not like. Ultimately you have to make that decision as to whether it fits within your threat model. As far as security, you don't need to fiddle with NAT or open/close ports. You will, of course, need to allow ssh in UFW, so you can admin the server itself. All you do is install Cloudflare Tunnels/Zero Trust on the server, and Cloudflare takes care of the rest. If you decide to go the Cloudflare Tunnels/Zero Trust route, I have a set of my notes I would be more than happy to share. They've seemed to have helped a handful of people, and you could use them as a guide.
Depending on what router you use, setting up a VPN connection into your own home network may be the simplest solution and possibly also the most secure.
In germany at least, FritzBox seems to be the dominant router and they offer a very simple VPN setup which utilizes their own domain to initiate a connection.
I personally use a MikroTik router at home (still not sure if that was the best idea...) and they have a similar thing called Back To Home VPN. The Fritzbox gave me less trouble setting up though.
I use GitHub to authenticate. It’s easy enough and signup on GitHub is straightforward.
Github appears to be owned by microsoft so I'd rather avoid that if possible (on principle), but if the rest fails I'll fall back to that !