this post was submitted on 26 Dec 2025
23 points (84.8% liked)

Selfhosted

59923 readers
466 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam.

  3. Posts here are to be centered around self-hosting. Please ensure it is clear in your post how it relates to self-hosting.

  4. Don't duplicate the full text of your blog or git here. Just post the link for folks to click.

  5. Submission headline should match the article title.

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
ayyy@sh.itjust.works
curbstickle@anarchist.nexus
curbstickle_lw@lemmy.world
23
Question about accessing my services from corporate Network (feddit.org)
submitted 5 months ago by Feddinat0r@feddit.org to c/selfhosted@lemmy.world
20 comments fedilink hide all child comments
 

Well, hello there.

I run several services on my NAS at home.

I have a domain which always points at home and redirects port 80 to wikipedia.

Almost all ports are not forwarded, only for those which i want to have access to.

Example:

  • Paperless
  • Syncthing
  • FreshRSS

Now i work on my corporate computer and i cant access my services.

Why?

It blocks connections which go to a specific port.

Now i would love to access freshrss on adress:

Www.domainexample.com:1234

Which gets blocked.

Any ideas?

Messing with the local pc is of course forbidden.

you are viewing a single comment's thread
view the rest of the comments
[–] jeena@piefed.jeena.net 38 points 5 months ago (3 children)

Just use port 443 or 80 and use sub domains and a reverse proxy for each of your services.

For example:

https://rss.example.com/ goes to port 443 on your server where you run a nginx with letsencrypt. You set up a vhost for this subdomain which then internally proxies to your IP adress and port for freshrss.

I have it like that: https://rss.jeena.net/ and https://piefed.jeena.net/ and https://toot.jeena.net/ and so on.

[–] stratself@lemdro.id 10 points 5 months ago

Beat me to it. This is likely the best way as 443 is ubiquitously unblocked on most networks

[–] jeena@piefed.jeena.net 4 points 5 months ago (1 children)

If you don't want to mess with SSL you can do the same with port 80.

[–] ChapulinColorado@lemmy.world 5 points 5 months ago* (last edited 5 months ago)

But then you are sending credentials in clear text over the network. That will get logged on the corporate access logs ensuring a quick permanent vacation once they notice how careless the employee is, not to mention the mixing personal and work resources.

Edit: forgot to mention, most work devices also decrypt SSL traffic by using man-in-the-middle approach (unless they are very incompetent). Even stuff like personal email and shopping should not be accessed on a work device if you don't want your work to have your passwords.

[–] k4j8@lemmy.world 1 points 5 months ago

I do this too plus block all IPs via firewall except my work and home IP addresses.