What is your goal? If it’s to have personal remote access, set up tailscale on all the devices you want to connect. If it’s self-hosting a public webserver, your options are hosting on non-standard ports, changing ISPs to one that lets you host, or tunneling to some other third party location that lets you host.
Privacy
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
There's also headscale if you want to selfhost
And of course, as others mentioned, you can always set up a VPN and tunnel in; ISPs rarely block VPN server port access.
There are some managed tunnel alternatives but they are not cheap. At this point it’s cheaper to rent a $20/year VPS and install one of these: https://github.com/anderspitman/awesome-tunneling
I personally love frp
Edit: I have never tried it, but there’s also Tailscale Funnel https://tailscale.com/kb/1223/tailscale-funnel/
The only real alternative is to get a cheap VPS so you can VPN between the VPS and your home and keep using the tunnel and not expose your home IP but only your VPS IP. Or variations of that: you can also just use NGINX to forward 80/443 to 8080/8443 at home without even needing a VPN or to decode the encrypted traffic. Oracle has a free tier for those, but there's lots of reports of people's instances being shut down and left without their data.
There's no free and readily available solution like Cloudflare tunnels that can be more private, because whoever is proxying your traffic pretty much has to be able to see it. At the bare minimum, to be able to route it, they'd have to either give you your own public IP and blanket forward port 443, or they have to inspect the SNI header of the TLS session. It's technically possible to do that, I've implemented such a proxy with zero knowledge of the data inside. Cloudflare does have such a product in the enterprise tier, but it doesn't make sense for them to offer as a free product.
The only reason they have a free tier is to collect telemetry and run experiments to improve their enterprise offerings, and also free advertising by luring small companies into using them and then upgrading when they grow, or from people like us that will never need their paid features but will likely use them in an enterprise setting out of habit and comfort rather than do a true evaluation of all the CDN options available. Or people moving from free companies on the free tier to a bigger company that then will use them and upgrade to paid.
If it's just port blocking, why not run the services on other ports? OpenVPN or any other VPN software could get you secure remote access without issue, you run OpenVPN on whatever port you want and then you can connect to any service on your home machine from outside the house. A Tor hidden service could also be used, though you would sacrifice some speed and reliability.
Are you exposing those services so that stangers can also access them, or it's mostly about you and relatives using those services?
If it's for mostly private use, you could set up a mesh VPN network using Wireguard, or if you want something easier to manage you could look at Tailscale.
That way you'd also limit exposure of these services to the Internet and therefore minimize the risk of a security breach.
I use rathole tunnel (similar to frp) on VPS and Caddy locally. VPS and my local machine are connected with wireguard VPN. DNS points to VPS, TLS certificates are managed locally by Caddy.
You can use SSH to tunnel everything to a VPS. I also saw some alternatives on r/selfhosted
Does your router have a VPN server? Use that to get into your network. If not, maybe think about replacing the router with one that does (most do from the better manufacturers).
expired