which softwares can I self host without public IP?
from kionite231@lemmy.ca to selfhosted@lemmy.world on 25 Feb 08:24
https://lemmy.ca/post/39697674
from kionite231@lemmy.ca to selfhosted@lemmy.world on 25 Feb 08:24
https://lemmy.ca/post/39697674
Greetings,
my current ISP refuses to provide me a static IP and they also blocks incoming connection to my ipv6 so I can’t host services on just ipv6 too. I will be changing my ISP when the plan expires.
without public IP I can host my own IRC bouncer but I would like to know what else can I self host? Thanks in advance!
threaded - newest
Anything. You don’t need any services to be public unless you choose for them to be.
actually I was thinking about hosting my own fediverse service to own my data but I can’t do that without a static public IP and domain name.
As long as you’re not behind CGNAT, you can use a dynamic DNS provider (like duckdns.org) and its web API to keep a record pointed at your IP. If you’re behind CGNAT, Tailscale also has a service (Tailscale Funnel) that can expose an internal service to the internet.
You could also pay for a small VPS with a static IP, and set up a Wireguard tunnel to your home server and an HTTPS proxy to forward traffic through the tunnel.
Also, just in general, use Tailscale. It’s serious black magic fuckery on the firewall.
Yeah I am behind CGNAT so I guess I have to use either Tailscale or wireguard as other users also suggested.
Thank you for the reply!
Just to chip in, cloudflare tunnels are a thing and also transverse CGNAT. Or you could use LocalXPosed, and other sevices like that.
I tried using DuckDNS for a while for DDNS, but noticed it seemed to have frequent periods of a few minutes each when it just wouldn’t resolve. Also was unable to get a matrix/synapse setup working behind it. It’s handy as a free service and nice if you just need basic DDNS, but it’s not the most reliable for hosting stuff from my experience.
I eventually settled on buying my own domain. Was much cheaper and easier to figure out DNS management than I was expecting, and my hosted services run so smoothly now.
Edit RE: downvotes: fuck me for sharing my experience? Kinda thought that was the point of this community…
@whoareu cloudflare tunnel can easily help you do that. the only limitation is your domain will need to be from cloudflare. It works well, I am hosting an instance without any public IP and without exposing any ports.
Your domain need to be tied to cloudflare you don’t need to buy one from them. I just moved mine to them didn’t pay them a dime
You actually want a cloudfare tunnel if youre going to do that. It protects your real IP. Hosting a fediverse instance will draw attention to your real IP eventually otherwise.
If this is just for personal use, I’d see if you can put their router in modem mode and go get a better router, then I’d just use tail-scale or WireGuard.
tailscale is looking good I might try that
It’s amazing additionally you can run Mullvad through it that might solve your public IP issues but I only run my services for me and my house
I believe duckdns has a tool that checks your public ip on a schedule to update your subdomain. (Which they provide for free last I checked)
That would solve not having a static IP, not solving having no port forward right?
You usually only need to specify the internal host ip to setup a port forward. It should forward that to whatever the public ip is at the time.
If the isp is providing the model/router and generally being oppressive i highly recommend researching if you can place your own router behind it.
Oh I’m fine, static IP and so on, but, for example, my friend has this crappy shared ports system so I’m interested in something alleviating that. What you described seemed like the solution to non-static IP addresses so I just commented that.
Cheers
I mean you can host anything. It's just not reachable from the outside. And Fediverse or anything that gets data pushed in, won't work. The common method to handle all of this is to use some tunnelling solution.
Use Cloudflare’s free tier tunnel
They’ll shut it down if you send more than a few megabytes down that tunnel. It’s ok if you just need a connection (for ssh and stuff) but anything that generates a lot of traffic will be blocked.
I haven’t checked the ToS in a while but last I checked it was 50mb upload limit for the free tier and a loosely policed no video streaming. And they don’t shut you down if you send files larger than 50mb, the upload just fails. I served over 8 million requests through the free tier last month.
So then use dynamic dns? HurricaneElectric offers DynDNS now and it’s great. You can update it right over
curlif you want. I have it mapped to a cli function;~\downloads ❯ ddns HTTP/1.1 200 OK Cache-Control: no-cache, must-revalidate Content-Length: 18 Content-Type: text/html Date: Tue, 25 Feb 2025 09:24:18 GMT Email: DNS Administrator <dnsadmin@he.net> Expires: Wed, 25 Feb 2026 09:24:18 GMT Server: dns.he.net v0.0.1 nochg {ip}It’s not only not static It’s firewalled too! I can’t ping it from outside the network
Oh, damn. Not much you can do then. You may be eventually be able to get something outrageously complicated to work, but honestly it’s just plain not worth it. Just get a cheap VPS.
Best you could do is a forward server with tailscale and a reverse_proxy, but I’ve never had any real luck getting that type of setup to work reliably.
Did you configure NAT to the service(s) and/or DMZ to your internal server in your ISP’s router?
Not allowing even ping seems like it is against any sane networking configuration.
You don’t want to expose services to the internet
The best way would be to use a VPS to proxy your traffic to you. You can achieve this for pretty cheap, just set up an wireguard tunnel to a cheap VPS. That’s exactly how I access all my services from outside my home. As long as the VPS has a publicly accessible IP (most of them do), you being behind CGNAT should not be an issue.
This is the way OP
Look:
Just make sure you secure everything
As someone in a similar situation I’d recommend using a free tier oracle vps with a wireguard tunnel to connect to you services. Effectively just using the vps as a proxy for your own network. Here’s a guide that should work for your purposes github.com/mochman/Bypass_CGNAT
Oracle deletes servers with no warning and for no reason. I wouldn’t use them
Self host all your stuff and use tailscale if you just want to provide private services to yourself
You can use Tailscale, you can access your personal services with it but also expose public services with their Funnels system.
Keep in mind that while the clients are open source, their servers are running proprietary software.
I started using headscale (the opensource reimplementation of tailscale server) on a private vps. It is incredibly better compared to plain wireguard. I regret waiting so much before switching.
Something that really made my life easier: wireguard is poor at roaming: switching to and from my wifi created issues because the server wasn’t reachable anymore from its public ip and wireguard didn’t bother to query the DNS again to check the new IP. Also, configuration is dead simple because it takes care of iptables for you (especially good when you enables forwarding to a node).
Since the server just sends small messages for the control plane and all the traffic is p2p between the devices, the smallest vps with the smaller connectivity is more than enough to handle it.
.
I just have a script that checks my IP every few minutes and changes the DNS record as necessary
Basically everything. Self hosting doesn’t rely on public access.
Literally anything you want. You don’t need a static IP, any dynamic IP with a software updater will work. For example, I have some public sites proxied through Cloudflare, and I use the DDNS updater for Docker that keeps my DNS correct.
The ISP is blocking his ports too, it seems.
That’s an odd thing to see these days. I didn’t know ISPs still did that. I bet they offer a more expensive tier for businesses is why.
In my country no ISP will offer you a real IP address anymore. Not on IPv4 at least. So doesn’t matter if your ports are blocked or not, you are CG-NATted in any case.
Should check which ports.
Mine blocks 80 inbound and 25 outbound, but everything else I’ve tried works. (so no default http, and no outbound email)
I only really want 443 for simplicity, everything else can be random ports.
Why do you need to expose a service publicly?
Why do you need to make a question questioning OP needs, when he is looking for a solution to a problem?
Because of the XY problem. The problem OP is stating may not actually be the source of the issues OP is experiencing.
Finding out what OP is trying to do will better inform a solution and may make the stated problem irrelevant.
The question behind the question
Good point, but did it solve anything?
OP doesn’t seem to have responded, so no, but that’s not the fault of the question.
Because too often people are asking for a solution to the wrong problem. I can tell how to setup a car to drive from the Hawaii to Iceland, but odds are that is not your actual goal. (most often the correct answer is fly to iceland and rent a car, or perhaps just public transit in iceland. You can also put your car on a ship. It is possible to modify a car to drive on the ocean if that is really what you want to do)
Darn, i really wanted to drive to Iceland, now, you are downplaying my needs. I feel offended! /s
I'm not stopping you. However make sure you understand what you want to do and why it isn't recommended in general. It looks like an interesting project that I hope to read about sometime (hopefully not as a you sunk to the bottom of the ocean)
Because they are trying to blow off there own foot.
Rent a VPN, setup a wire guard tunnel and fuck your ISP!
Anyway having a real public IP on a residential block is basically impossible anywhere but in the USA, I guess.
Public IPV4 here. It’s not static, but very rarely rotates. DDNS ftw.
Telus Residential in Canada.
Straya. I have a static ip. Costs like 5$ a month
North America?
straya = australia
Thanks, I was thinking of the fitness app
That’s strava
Ah, yes. That’s the one.
CGNAT blows, but easy to workaround w/ a $5/mo VPS.
Put everything behind Tailscale or another VPN and use it that way from outside devices. There should be very little need to have a public IP, and if there’s something that has to be exposed, use ngrok, cloudflared or Tailscale Funnel.
Tailscale or Cloudflare will solve your problems.
Anything
I use cloudflare / cloudflared agent to provide features hosted locally
I just use a DDNS updater. That’s honestly good enough for most purposes.
Alternatively, you could use a service like Zerotier, Tailscale or Netbird to create a virtual private LAN connection to a free Oracle VPS, then route the traffic from the VPN to your home network.
That’s like ‘traffics’ and ‘manies’ and ‘mails’, right?
They don’t seem to realize that you can run whatever software you want internally.
Use VPN or DDNS connected to your domain registrar. Of course DDNS might not update immediately, especially if your domain host is not the same as your DNS provider, so you might have outages for short periods when your IP changes. So, depends on if you’re OK with that or what kind of connection you have and whether it changes your IP a lot.
Also, might be able to get an IPv6 address for free depending on your ISP or at least you can set up your router to request that your address block is retained for you. I know Comcast does this. Unfortunately, my ISP does not.
I use a cheap VPS and connect all my relevant devices to it via a VPN (aldo self hosted w/ wireguard). It’s $5/month and does the job.
You can self host anything like this, all you need is buying a domain and set something up like DynDNS which updates the entry of the domain with your new IPv4 as soon as it changes.
I would recommend to not open your services to public, but set up a wireguard (or other VPN) endpoint in your home, which you then use to access all your services.
I think, an alternative to that would be some servicees from tailscale or cloudflare, I suppose
nearly everything, you don’t need a static ip to selfhost, look up DDNS :>
You also could just do lan
Yup, everything in my setup is primarily used in my house. The only reason anything is publicly accessible is so I can show it off occasionally.
You could, but for many of us, the point of having access to our services is to have access from anywhere :-)