I have several selfhosted services that I have been using for months, now I wish to access these while I am not at home. Likes of nextcloud, nocodb, wikijs and other media sharing self-hosted services
I would like to know what precautions should I take so no one knows that such a domain exists.
should I purchase a crazy numbered domain like 671341412312.com ? or should I go for .tk domains.
Would like to get some suggestions from this community on other aspects that I am missing.
VPN is the way to go. Could use this opportunity to upgrade your router. I bought a box from protectli and run OPNsense on it. There’s good documentation on how to set up a wireguard vpn, and the community is vibrant.
Its also nice because there’s lots of options so its a nice thing to grow and learn with.
Getting an obscure domain name doesn’t matter as attackers go straight to the IP address. If you have a certificate on your secret domain name, they have your domain the moment they hit port 443.
Don’t use “security through obscurity”; instead just secure your services or host a VPN.
If you go with a cert try to get a star cert that way you make it a little bit harder for hackers to find your subdomains.
Seriously as everyone suggests: use tailscale or another VPN. Tailscale is incredbly easy to setup.
6 to 9 digit .xyz domains are only around $1 a year, every year. That’s what I did and definitely recommend it. You can read more here.
Warning: tk domains registrar has 0 GDPR.
Might be irrelevant now, but I didn’t managed to delete my data once I wanted out
I never really understood the concept behind their free domains, but I never purchased a free/cheap domain after my first experience of getting charged 2-3 times for renewal.
However, are you talking about deletion of your personal data or your website data ?
Personal data.
They also moved a free domain that I have let expire to the paid ones, so if I wanted to renew I would have to pay… Which is kind of fair… They should also make money from somewhere…
When buying a domain read all the details: renewal fee are mentioned there. For me they were turnoffs in some cases.
I now have a .ovh as a cheap alternative. Iirc they are dirt cheap when you reserve the domain for 3 years…
This is my policy: For publicly accessible services like a website, I use a cloudflare tunnel. For restricted access to just a few users, I use a cloudflare tunnel and a cloudflare application to manage access authentication. For my exclusive restricted access to the infrastructure, I used tailscale.
ZeroTeir (or a VPN) - if all you want is to access those services from outside your network
IMO - the only reason to put something “on the internet” is so that the entire “internet” can access it
this ^ I use ZeroTier, and then point subdomains under my personal domain name at the ZeroTier IP for each of my devices. Then I can use those hostnames but no one else can, and name based virtual hosting is easy via wildcard sub-sub-domains
For example plex.desktop.mydomain.com -> *.desktop.mydomain.com -> desktop.mydomain.com -> 10.x.x.x
Try using Tailscale. It’s easy to use & free for personal use. It will only allow devices with Tailscale installed to view your self-hosted services. They have clients for mobile devices, PC’s, Mac’s and even Apple TV etc. Their technology is based on Wireguard so it’s very fast and secure.
- install opnsense
- set up geoip block where only IPs from your own country can ever initiate connection from the outside
- keep your stuff up to date
- enjoy security
Use tailscale
Crazy number domain doesn’t provide any security but you can buy a 1.111B class .XYZ domain for as cheap as 0,62USD a year
this is what i did. a 10 CHAR domain of only numbers with .win
VPN would be the quick and dirty
If it’s just select items, an service like azure app proxy maybe
I use WireGuard for most stuff. My Nextcloud instance is open though because I lien to upload photos I take pretty quickly to keep a backup