Greetings,
my current ISP refuses to provide me a static IP and they also blocks incoming connection to my ipv6 so I can’t host services on just ipv6 too. I will be changing my ISP when the plan expires.
without public IP I can host my own IRC bouncer but I would like to know what else can I self host? Thanks in advance!
I use a cheap VPS and connect all my relevant devices to it via a VPN (aldo self hosted w/ wireguard). It’s $5/month and does the job.
I just use a DDNS updater. That’s honestly good enough for most purposes.
Alternatively, you could use a service like Zerotier, Tailscale or Netbird to create a virtual private LAN connection to a free Oracle VPS, then route the traffic from the VPN to your home network.
Use VPN or DDNS connected to your domain registrar. Of course DDNS might not update immediately, especially if your domain host is not the same as your DNS provider, so you might have outages for short periods when your IP changes. So, depends on if you’re OK with that or what kind of connection you have and whether it changes your IP a lot.
Also, might be able to get an IPv6 address for free depending on your ISP or at least you can set up your router to request that your address block is retained for you. I know Comcast does this. Unfortunately, my ISP does not.
Put everything behind Tailscale or another VPN and use it that way from outside devices. There should be very little need to have a public IP, and if there’s something that has to be exposed, use ngrok, cloudflared or Tailscale Funnel.
Basically everything. Self hosting doesn’t rely on public access.
Tailscale or Cloudflare will solve your problems.
Rent a VPN, setup a wire guard tunnel and fuck your ISP!
Anyway having a real public IP on a residential block is basically impossible anywhere but in the USA, I guess.
Straya. I have a static ip. Costs like 5$ a month
Public IPV4 here. It’s not static, but very rarely rotates. DDNS ftw.
Telus Residential in Canada.
Literally anything you want. You don’t need a static IP, any dynamic IP with a software updater will work. For example, I have some public sites proxied through Cloudflare, and I use the DDNS updater for Docker that keeps my DNS correct.
The ISP is blocking his ports too, it seems.
That’s an odd thing to see these days. I didn’t know ISPs still did that. I bet they offer a more expensive tier for businesses is why.
In my country no ISP will offer you a real IP address anymore. Not on IPv4 at least. So doesn’t matter if your ports are blocked or not, you are CG-NATted in any case.
Should check which ports.
Mine blocks 80 inbound and 25 outbound, but everything else I’ve tried works. (so no default http, and no outbound email)
I only really want 443 for simplicity, everything else can be random ports.
Anything. You don’t need any services to be public unless you choose for them to be.
actually I was thinking about hosting my own fediverse service to own my data but I can’t do that without a static public IP and domain name.
You actually want a cloudfare tunnel if youre going to do that. It protects your real IP. Hosting a fediverse instance will draw attention to your real IP eventually otherwise.
As long as you’re not behind CGNAT, you can use a dynamic DNS provider (like duckdns.org) and its web API to keep a record pointed at your IP. If you’re behind CGNAT, Tailscale also has a service (Tailscale Funnel) that can expose an internal service to the internet.
You could also pay for a small VPS with a static IP, and set up a Wireguard tunnel to your home server and an HTTPS proxy to forward traffic through the tunnel.
Also, just in general, use Tailscale. It’s serious black magic fuckery on the firewall.
I tried using DuckDNS for a while for DDNS, but noticed it seemed to have frequent periods of a few minutes each when it just wouldn’t resolve. Also was unable to get a matrix/synapse setup working behind it. It’s handy as a free service and nice if you just need basic DDNS, but it’s not the most reliable for hosting stuff from my experience.
I eventually settled on buying my own domain. Was much cheaper and easier to figure out DNS management than I was expecting, and my hosted services run so smoothly now.
Yeah I am behind CGNAT so I guess I have to use either Tailscale or wireguard as other users also suggested.
Thank you for the reply!
Your domain need to be tied to cloudflare you don’t need to buy one from them. I just moved mine to them didn’t pay them a dime
Self host all your stuff and use tailscale if you just want to provide private services to yourself
Anything
I use cloudflare / cloudflared agent to provide features hosted locally
I just have a script that checks my IP every few minutes and changes the DNS record as necessary
You can use Tailscale, you can access your personal services with it but also expose public services with their Funnels system.
Keep in mind that while the clients are open source, their servers are running proprietary software.
I started using headscale (the opensource reimplementation of tailscale server) on a private vps. It is incredibly better compared to plain wireguard. I regret waiting so much before switching.
Something that really made my life easier: wireguard is poor at roaming: switching to and from my wifi created issues because the server wasn’t reachable anymore from its public ip and wireguard didn’t bother to query the DNS again to check the new IP. Also, configuration is dead simple because it takes care of iptables for you (especially good when you enables forwarding to a node).
Since the server just sends small messages for the control plane and all the traffic is p2p between the devices, the smallest vps with the smaller connectivity is more than enough to handle it.
As someone in a similar situation I’d recommend using a free tier oracle vps with a wireguard tunnel to connect to you services. Effectively just using the vps as a proxy for your own network. Here’s a guide that should work for your purposes https://github.com/mochman/Bypass_CGNAT
Oracle deletes servers with no warning and for no reason. I wouldn’t use them
The best way would be to use a VPS to proxy your traffic to you. You can achieve this for pretty cheap, just set up an wireguard tunnel to a cheap VPS. That’s exactly how I access all my services from outside my home. As long as the VPS has a publicly accessible IP (most of them do), you being behind CGNAT should not be an issue.
This is the way OP
