I do both. WireGuard VPN for anything that's just me. Expose via nginx proxy for things that are shared with friends and family.
I'll just open them up to the internet via an nginx reverse proxy. Make sure sign-up is disabled in the applications, and something blocks people from brute-forcing passwords. Pretty sure Nextcloud comes like that by default. And I'll do updates. And see if I can run stuff in containers or separate users so in the unlikely case something happens, access to one of my services doesn't compromise the entire server.
Lots of other people use VPNs though. Like WireGuard, Netbird, Tailscale...
I wouch for the VPN route... VPN servers are built to be exposed, are hardened/engineered to resist the harshness of the net and are somewhat safe even with default settings.
Should you publish a few web apps in the wild, you would have to harden, monitor and manage a bunch of environments and/or frameworks, each with a load of quirks.
A VPN is easier to maintain and safer for your data with a lower effort.
> I wouch for the VPN route…
Found Barry Kripke
At least of all the answers I prefer your way the most. So you set up a WireGuard access for all of the devices of your users on your router or did you install the vpn-system directly on the homeserver?
My home router is the stock one from my ISP and has no VPN capabilities.
I put a port forward on the router and then configured everything on the internal node; in my case it is an OPNsense VM running on Proxmox.
I don't give access to any of my services to anyone, especially family or friends. LOL However, you could investigate Tailscale, Headscale, WireGuard. Additionally, if you set up Cloudflare Tunnel/Zero Trust, you can give individual users unique access to your server. For example: You can allow alice@mysupercoolserver.com to access https://home.mysupercoolserver/shell but deny bob@mysupercoolserver.com. Allow bob access only to https://home.mysupercoolserver/media.
I've been preferring mTLS recently. I still use a VPN for management, SMB/NFS, and anything important. But I use mTLS for web services that I'd like to access without having a VPN active all the time. Although, if your web service had a mobile app, usually they don't play nicely with mTLS, so a VPN would be required for me, but Home Assistant and TrilliumDroid do have mTLS support.
Do you happen to know of any guides on setting mTLS up?
I didn't find much other than descriptions of the technology from my search, but I'm probably not using the right terms.
I don't remember which one I specifically used, but there's plenty that show when you DDG "mtls nginx". There's probably others specific to other reverse proxies too.
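For readers following the "mtls nginx" pointer above, this is an added example and not a configuration posted by anyone in the thread: an nginx reverse-proxy server block that only serves clients presenting a certificate signed by your own private CA. The hostname, file paths and upstream address are placeholders, and it assumes you have already created the CA and issued the client certificates.

```nginx
# Added example (not from the thread). All names, paths and addresses
# below are placeholders; the private CA and client certs are assumed to exist.
server {
    listen 443 ssl;
    server_name app.example.internal;              # placeholder hostname

    # Ordinary server-side TLS: the certificate nginx presents to clients.
    ssl_certificate     /etc/nginx/tls/server.crt;
    ssl_certificate_key /etc/nginx/tls/server.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # mTLS: trust only client certificates issued by this private CA.
    # Do not point this at a public CA bundle, or any certificate from
    # that CA would be accepted.
    ssl_client_certificate /etc/nginx/tls/clients-ca.crt;
    ssl_verify_client on;        # requests without a valid client cert are rejected
    ssl_verify_depth 1;          # client certs are signed directly by the CA

    # Revocation for a lost phone or laptop. Uncomment once a CRL file
    # exists at this path; nginx will not start if the file is missing.
    # ssl_crl /etc/nginx/tls/clients.crl;

    location / {
        proxy_pass http://127.0.0.1:8080;          # placeholder upstream app
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto https;

        # Pass the verified identity to the app. proxy_set_header replaces
        # any client-supplied header of the same name, so these values
        # cannot be spoofed from outside.
        proxy_set_header X-Client-Verify $ssl_client_verify;
        proxy_set_header X-Client-DN     $ssl_client_s_dn;
    }
}
```

Run `nginx -t` before reloading. The application's own login stays enabled behind this; the client certificate is an additional gate in front of it, not a replacement for it.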
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:
| Fewer Letters | More Letters |
|---|---|
| HTTP | Hypertext Transfer Protocol, the Web |
| NFS | Network File System, a Unix-based file-sharing protocol known for performance and efficiency |
| SMB | Server Message Block protocol for file and printer sharing; Windows-native |
| VPN | Virtual Private Network |
| nginx | Popular HTTP server |
4 acronyms in this thread; the most compressed thread commented on today has 9 acronyms.
[Thread #197 for this comm, first seen 29th Mar 2026, 00:20]