I have a self-hosted server running YunoHost that I use for a few services for my own use, all of which require login to use, so they’re safe enough.

However, I’m increasingly uncomfortable with the fact that anyone can discover my home IP via my domain name, especially if I decided to install something like Lemmy or Mastodon.

YunoHost installs dyndns as part of its setup but, aside from buying a fixed IP from a VPN provider that allows incoming connections, I’m not sure what other options I have.

I can’t change very much on the modem router either. I can forward ports but that’s about it.

I can add and manage new domains if necessary.

Any and all ideas welcome but, as you can guess from the fact I’m using YunoHost, my networking knowledge is limited, so please ELI5 :)

  • @[email protected]
    1 year ago

    I’d disagree with the other post (Running any software on your home network is insecure, but so is having your network connected to the internet).

    You should not be opening ports in general. There are various ways to do this:

    1. Create a site-to-site WireGuard VPN with a lightweight VPS from someone like DigitalOcean, install a reverse proxy + WAF on this VPS, and set up a tunnel between it and your network.
    2. Use a service like Cloudflare Tunnels (free) to basically do the same thing.

    Generally, your host should be on its own network/VLAN with limited/no access to other VLANs within your network.
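
A sketch of option 1 from the comment above, added here as an illustration and not part of the original thread: the two WireGuard configuration files for a tunnel that the home server opens outbound to the VPS, so the domain can point at the VPS and no port is forwarded on the home router. The keys are placeholders, the 10.8.0.0/24 tunnel subnet and port 51820 are arbitrary choices, and 203.0.113.10 is a documentation address standing in for the VPS public IP.

```ini
# ---- /etc/wireguard/wg0.conf on the VPS (the only machine the public sees) ----
# Constructed sample values; generate real keys with `wg genkey` and `wg pubkey`.
[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey = <VPS_PRIVATE_KEY>

[Peer]
# The home server. There is no Endpoint line here: the VPS does not need to
# know the home IP in advance, it learns the current address from the home
# server's authenticated handshake, so a changing home IP is not a problem.
PublicKey = <HOME_PUBLIC_KEY>
# Accept tunnel traffic from this peer only when it uses its own tunnel address.
AllowedIPs = 10.8.0.2/32

# ---- /etc/wireguard/wg0.conf on the home server ----
[Interface]
Address = 10.8.0.2/24
PrivateKey = <HOME_PRIVATE_KEY>

[Peer]
# The VPS. The home server dials out to it, so nothing has to be opened
# on the home modem/router.
PublicKey = <VPS_PUBLIC_KEY>
Endpoint = 203.0.113.10:51820
# Only the VPS tunnel address is routed through and accepted from the tunnel.
AllowedIPs = 10.8.0.1/32
# Send a keepalive every 25 seconds so the router's NAT mapping stays open
# and the VPS can always reach the home server through the tunnel.
PersistentKeepalive = 25
```

With this in place, the domain's DNS record points at the VPS address, the reverse proxy on the VPS forwards requests to 10.8.0.2, and the VPS firewall only needs the web ports plus UDP 51820 open. The old dynamic DNS record and any port forwards that pointed at the home connection have to be removed, otherwise the home IP is still discoverable.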