Selfhosted

53767 readers

652 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago

MODERATORS

HybridSarcasm@lemmy.world

HybridSarcasm@lemmy.hybridsarcasm.xyz

How to selfhost with a VPN (95.181.238.34:40152)

submitted 3 months ago* (last edited 3 months ago) by humanoidchaos@lemmy.cif.su to c/selfhosted@lemmy.world

68 comments fedilink hide all child comments

These are some quick n' dirty instructions so people can get up and running fast.

I wish I had known this was possible sooner.

Instructions:

Check that your VPN supports port forwarding and you have it enabled.

Grab your VPN's internal IP with ip a

Find the interface for your VPN. For me it's called tun0.

Open up /etc/nginx/nginx.conf

You can back it up, or comment everything out, or pick what's necessary. Here's what my file looks like.

	worker_processes  1;
	include modules.d/*.conf;

	events {
		worker_connections  1024;
	}
	http {
		server {
			listen [VPN INTERNAL IP]:[VPN FORWARDED PORT];
			server_name  localhost;
			location / {
				root '[ABSOLUTE PATH TO YOUR WEBSITE ROOT FOLDER]';
				index index.html; # Relative to your website root.
			}
		}
	}

Make sure your permissions are correct. For me, the 'other' group needs read permissions to the root folder, including where it's mounted.

Start nginx with systemctl start nginx

You can visit your website on your host machine in a browser at [VPN INTERNAL IP]:[VPN FORWADED PORT]. For me, using the internal IP is required to view the website on my host machine.

To view the website on other machines, you can use [VPN EXTERNAL IP]:[VPN FORWARDED PORT]. The only thing you need to change is the IP address.

I hope this works for you and you are inspired to selfhost and take back power from those who stole it from us.

you are viewing a single comment's thread
view the rest of the comments

[–] humanoidchaos@lemmy.cif.su 14 points 3 months ago (27 children)

Thanks.

It's my understanding that https provides encryption for the data sent between you and the server. If you're not sending any sensitive data, then the encryption shouldn't be necessary.

Don't get me wrong, encryption is great even when it isn't necessary. For my demonstration purposes though, I chose not to include it.

I also believe it's possible to set up HTTPS encryption without a domain name, but it might result in that "we can't verify the authenticity of this website" warning in web browsers due to using a self-signed certificate.

[–] SMillerNL@lemmy.world 1 points 3 months ago (3 children)

It's my understanding that https provides encryption for the data sent between you and the server. If you're not sending any sensitive data, then the encryption shouldn't be necessary.

As others have pointed out, everything can be sensitive. If I’m self hosting nextcloud instance with chat that under British law should check for age… self hosting is now sensitive.

In addition to that, without a secure connection you’re stuck with HTTP/1.1 from 1999 instead of the modern 2 or 3 versions.

I also believe it's possible to set up HTTPS encryption without a domain name, but it might result in that "we can't verify the authenticity of this website" warning in web browsers due to using a self-signed certificate.

You can: https://letsencrypt.org/2025/07/01/issuing-our-first-ip-address-certificate

[–] N0x0n@lemmy.ml 1 points 3 months ago (2 children)

In addition to that, without a secure connection you’re stuck with HTTP/1.1

That's not entirely true. A lot of requests, even with https, are send over HTTP/1.1. And this is kinda mind blowing that in 2025 we still rely on something so old and insecure...

Same goes with SMS and the old SS7 protocol from 1970... 2FA SMS is probably the most insecure way to get access to your bank account or what ever service promotes 2FA sms login.

[–] falynns@lemmy.world 3 points 3 months ago

I can't believe SMS is still used for anything but sure OTP sent in text makes sure my account is secure Mr Bank.

load more comments (1 replies)

load more comments (24 replies)