Hey all,

I’m setting up a homeserver and trying to figure out the best way to access it remotely. I’ve been looking at different solutions, but I’m a little stuck.

I’ve been looking at VPNs, but it feels weird, to route everything through my home IP when I’m also trying to use a commercial VPN for privacy / to combat services fingerprinting me based on my IP.

I’m currently considering a reverse proxy setup with an authentication provider like authentik or authelia, but as far as I understand, that wouldn’t work well with accessing services through an app on my mobile device (like for jellyfin music for example.) I did think about just opening up the ports and using a DDNS with a reverse proxy, but is’nt that like a big security risk?

Keep in mind I am no network admin, but I don’t have anything against learning if someone can point me in the right direction.

Also I heard some people say that on proxmox you should use unprivileged containers instead of vms for your services, does that hold up?

Any recommendations for tools or approaches?

  • Jediwan@lemy.lolEnglish
    152·
    2 days ago

    NGINX Proxy Manager and DuckDNS.

    Get DuckDNS set up first.

    Then go to DuckDNS.org and register a domain.

    Then go into NGINX proxy manager.

    It’s pretty straightforward, click “add proxy host”, then type the domain from duckdns (I like to do a different subdomain for each service, ie: calibre.mydomain.duckdns.org, homeassistant.mydomain.duckdns.org, etc.) and point it at your container with the service you want to access remotely.

    You’ll want to enable let’s encrypt. But other than that the defaults should be fine.

    • kratoz29@lemmy.zipEnglish
      2·
      7 hours ago

      CGNAT sends its regards.

      (Although if you have IPv6 access you might get around this… But even in 2026 you will face issues going only this way).

      • vaionko@sopuli.xyzEnglish
        2·
        6 hours ago

        I am behind GCNAT, and my ISP doesn’t do IPv6. I have a free tier VPS from Oracle that uses wireguard to tunnel packets to my home server.

    • user314_lemmus_v3s@lemmy.worldEnglish
      2·
      8 hours ago

      I’ve been using this setup for years, then one day just installed caddyserver. No certbot, no boilerplate nginx config etc.

      I was still using nginx for internal services but then replaced it with “fabio lb” because it works well with consul.

      I was so happy do discover it that I want to share it with everyone ¯_(ツ)_/¯.

      Thank you for your attention on this matter.