hi everyone,
I was just about to self-host a Ghost blog but then was warned that my ISP might change my external IP address at any time, so I would need to pay for a static IP address.
Is that true?
(I’d not seen much about that in stuff I’ve looked up so far about self hosting)
You must log in or # to comment.
No, you don’t. Use Tailscale to expose your blog.
How are you hosting? And do you have a domain? Lot’s of good advice here, but knowing if you’re running on a Pi, in Docker, etc, would help others give you the easiest/best method.
In short, you do not need a static IP.
YunoHost has automatic DNS updates
https://doc.yunohost.org/admin/tutorials/domains/dns_dynamicip/
Some of the other options are cloud flare tunnel or ddns that would give you static ip effect without static ip
You can rent a virtual private server (VPS). I used to have a number of these for under $10 / month. I imagine they might cost more now., but chances are you can still find something super affordable.
Wordpress.org will let you have a free site but you don’t get a custom domain. Wordpress.com has a personal plan for $4 / month. Matt Mullenweg (CEO) has revealed himself to be a crazy piece of shit, so maybe look elsewhere. I’m just trying to give you a sense of how accessible this stuff can be.
Running a VPS will require more learning, but it can be super gratifying if you enjoy nerdy computer stuff and solving puzzles just for self-satisfaction. I used to use Rackspace, Linode, and something else that I can’t recall at the moment. All were pretty reasonable. Rackspace had a ton of good setup guides for newbies that were well written. I’d occasionally land on those doing a web search for other hosting stuff and found them reliable.
Edit: DigitalOcean was the one I couldn’t remember.
https://www.hetzner.com/european-cloud Netzner can be a good alternative
I would stand up a VPS in a cloud provider
You only need a static address for hosting email or VoIP.
You can do just about everything else with DDNS (dynamic DNS). However with DDNS, you will have downtime until the DDNS update takes effect and propagates to clients. This can be seconds… or hours. Depends on the DDNS service and TTLs that they set and how quickly your script/DDNS client works to push the update out.
You should check how often your address changes and check how quickly your DDNS solution pushed the update out. If it’s 10 seconds every 10 months, you will likely find that perfectly acceptable. If it’s an hour every other sunday… maybe not. But only you will know how much downtime you can tolerate.
I always will take static IP personally. But it’s not technically required and you can work around it if you want to save the 10-15$/month.
Edit: You could also argo tunnel if you’re okay using cloudflare. But I don’t think that answer is particularly in scope of the question. But just in case it’s useful to someone out there I’m adding this edit. Doesn’t fix the PTR requirement for Email and VoIP stuff though.
I run an smtp relay exactly for that kind of stuff with emails. Clients still like wordpress and this is easy to use, many other will accept an smtp relay/service like say gmail (the first one I could think of)
Yeah that’s another option as well… Services like dynu.com or smtp2go.com do exist… but you have to pay for them and there is a risk that the service can open/read your messages.
chance you take with pretty much everything you don’t control. I do use as much as I can to protect emails (not that much really)
Well yes… but if you’re goal to self-host is to control your data, it’s a bit counter productive to use those relays services that inject that problem right back into your setup again.
Edit: I’m not necessarily arguing… just putting the information out there that the services exist, but might not be a good fit.
oh yeah - but I don’t recommend anyone really self host an smtp server… many many issues right there especially as most isps block the ports required and the IP addresses are often blocked as well. Just use a service and don’t spam and all should be well (so don’t get sending newsletter emails all the time)
You only need a static address for hosting email or VoIP.
Email works fine with non-static IP addresses. I suspect VoIP does too.
No it does not. You need an active PTR record for email to work for most of the major carriers (Gmail, O365, etc…). Many providers will just outright block consumer IP ranges as well.
You cannot host an email server on dynamic addresses.
Edit: And you’ve edited in the VoIP part of your comment… Same thing there, you need PTR and such for those services to work well… Which generally can’t be assigned to dynamic addresses.
I never had an issue doing VoIP on a dynamic IP.
Then you have a SIP trunk provider that doesn’t validate domain ownership… I’d like to know that companies name if you don’t mind sharing. They’re stupidly rare to the point that I view it as a unicorn situation.
Edit: To clarify, I’ve tried finding such providers and failed for several years… They all want PTR validation for “security”
Ehh, yeah, it used to work fine. You’re right that is a much harder things to do these days
PTR lookups has been a thing for email servers for a very long time… “used to work fine” would have been early 2000’s as far as I can remember.
PTR is de facto requirement for over 20 years now. So unless you’re talking about pre-turn of the century, not really… email servers haven’t worked without PTRs for a very long time.
I had to look it up, but Yahoo and AOL implemented PTR checks in 2003-2004. Gmail had it out of the box in 2004.
Can you run a server without it? Yes… and it will work with any other server that doesn’t mandate valid PTR records. But no major consumer email server has supported receiving mail from a PTR-less server for 20+ years now. So you’re not going to be able to email basically anyone from your server.
Yes, I already agreed with you…
Reverse DNS is different than static IP.
But yes for outbound email, if you can’t control reverse DNS you will have pain. (Inbound is totally fine) You can in theory just use whatever hostname the ISP’s reverse DNS resolves to however you will get some spam score (or be rejected) as it doesn’t match your “from” domain.
Outbound email is a huge pain really no matter what. Unless you have a long-term lease on the IP and it isn’t in a bad network you really have to pay someone else if you want reliable delivery.
You can’t assign a PTR record without a static address though. No ISP will do PTR that follows DHCP updates. I haven’t had issues with my leased IPs from my ISP (Through Centurylink). Though a year back I moved and haven’t been able to get a leased IP from my new provider… I have to relay my emails now through a service, that has been a pain in the ass. But now we head into anecdotal nonsense.
And yes, we’re talking about hosting services. We’re in Selfhosted… and the OP is talking about publishing their ghost website… a webserver.
But no, email is otherwise not an issue. I’ve been selfhosting a couple of personal domains for over a decade without issue. I also host several email services for work… no issues outside of some of our clients who want us to use their SMTP servers which apparently suck. But not my issue if their IT fails at managing it.
Edit: DHCP -> PTR auto follow is a thing that exists though… which just makes it sad that ISPs don’t support it. I literally have hostname updates available and used inside of my own network. Just another sad day when pro-sumers are able to implement RFCs (RFC 2136, opnsense pushes updates to my internal DNS servers) better than ISPs.
You don’t need a PTR record though. I just use DKIM and SPF and have no issues.
https://www.reddit.com/r/sysadmin/comments/1iu0x33/anyone_else_seeing_ptr_record_issues_with_m365/
Yes you do need a ptr. The big services will outright block you.
Google I know for sure does not. They don’t even list it as a requirement. https://support.google.com/a/answer/174124?hl=en
Does anyone know of a short course I could do/attend that teaches the basics of this networking stuff?
Your local college might do networking courses/stuff. honestly though, there’s enough youtube content out there by really respected people that you can likely just get away with that… Start with words/topics you see mentioned in this thread. Example, search youtube for DDNS… and if that video says something you don’t understand search for that topic. Eventually you’ll have a decent grasp on what’s going on.
yeah fair play - I’ll go that route. Do you happen to know any content creators who explain stuff well in this area?
(Context - our self-hosting is part of a wider project to make self-hosting easier, on the cheap, for normies)
“works fine” as in you can pretend it works, but you will get filtered by any larger email provider.
Dynamic IPs are filtered out, even on my server. This is done by using scores provided by Spamhaus. The majority of connects from such IPs are botnets.
You can run a private server on your dynamic IP. It should not connect to public servers though.
As others have said, you can use dynamic DNS, but you also might have an IPv6 address that doesn’t change. Or maybe it does, you’ll have to check with your ISP. But that one can be set up as an AAAA record in your DNS.
Most ISPs support IPv6, but some don’t, so you might not be accessible to everyone without also having an A record.
I recommend afraid.org, you get everything that you need for free dynamic dns, and they’re a cool project so someday you may like to do even more with them or send them a little donation.
I started with noip first, and the monthly re-up was so annoying.
They are excellent
Seconded. Used their service for many years.
I selfhost my blog without a static IP. You just need Dynamic DNS.
Keep in mind that your outbound bandwidth might be different from your inbound. I get 300mbps in, but only 5mbps out. It’s not noticeable during normal Internet use, but as you start sharing content publicly, limited bandwidth becomes really noticeable.
Don’t even need dynamic DNS. Just use ddclient to update your DNS record if your IP changes.
That’s called dynamic DNS (it’s the dd in ddclient).
Yes, but there used to be specific dynamic DNS providers or ones that advertised as that but you don’t specify need those now.
Whether your ip changes frequently depends on your ISP, but it’s not necessary to have a static ip. My public IP changes about once a year, but I use my router to update my dns and make ally external services rely on DNS and not IP to connect.
You can also do this, look up “dynamic DNS”. You just need to register a DNS name (can be free) and set up the updates to make it accurate.
I could make this quick: Is your internet access behind a CG-NAT? If yes: you’re gonna need a static IP.
Not necessarily, Cloudflare tunnels, headscale/tailscale will sort that issue out amongst several other ways
But how will a tailnet help for a blog? At some point, the https port needs to be open.
tailscale will tunnel through and you can set it to pass through https. Lots of different ways to achieve this, as long as you have control over the dns and are able to set https up it will work. This is why for me I still use cloudflare, you can even setup a subdomain through their tunnels and they act as a cdn. For example, I run a linkstack instance, send instance and much more
Tailscale funnel is made for this.
I was going to use Cloudflare to sort this, but I’m uncomfortable how big they are getting / lack of competition in that part of the market. So we looked at Pangolin as an alternative, but it’s a faff to self host.
Hence why we’re back at exposing it straight out the back of Nginx Proxy Manager.
I get that… fo me though as I have been using Cloudflare for many years I can’t see any reason to change yet. That of course may change
My router says it has NAT enabled (in the WAN settings section - for the internet connection)
It’s not about your router. But rather if your ISP connects several households with the same IP.
Quick, but sadly incorrect
Care to explain what I got wrong?
Static IP is helpfull but not necessary. Even with NAT and a changeing IP there’s options, such as:
- dynamic dns.
- Public reverse proxy or tunnel.
- Onion routing.
- How do you open the https port behind a nas?
- That public tunnel needs at least a public IP address again.
- Ok, forgot that one. But then you’re only accessible through Tor, isn’t it?
- Port forwarding
- Yes, and there’s services that do that for you
You can’t port-forward if you sit behind a nat.
Port forwarding was invented for exactly that
As others have already commented, what you need is a Dynamic DNS service, where you register a subdomain, and setup a small program or script on your computer that pings the DDNS server every few minutes, that way you leave that running on the background, and if the program detects that the IP with the request changes, it will update the subdomain to point to it automatically.
You could access the blog from the subdomain of the DDNS directly or if you get your own domain, you can point it to the DDNS.
If you want a recommendation, I have been using DuckDNS for years, and it has been pretty reliable.
There’s also FreeDNS. Their only ask is that you log into the account once every 6 months so they know you’re still using it.
Thank you for your replies everyone!
I’m looking into DDNS. Before I go with a provider, I notice that my router has this functionality built in. Should I use that?
(It’s an Asus RT-AX86U Pro - so fairly chunky in terms of spec)
For reference, the set up is:
Docker containers for
- Ghost
- Nginx Proxy Manager
Running a service like ddclient may give you more options at the cost of being more complicated.
(It’s an Asus RT-AX86U Pro - so fairly chunky in terms of spec)
I have your exact router make and model! I self host my own server with a domain on my home network and make use of the built in DDNS feature.
My domain registrar is Cloudflare so I have to use a custom script for DDNS, if you’re in the same boat I can provide the script.
I would suggest looking into Asus WRT Merlin Firmware, the custom firmware enables more functionality to your router.
Docker containers for
- Ghost
- Nginx Proxy Manager
When hosting a reverse proxy like Nginx, Traefik, SWAG, Pangolin, etc keep in mind you 80:80 and 443:443 ports need to be exposed to the host machine then you will forward those ports on your router. This will allow your reverse proxy to communicate with Lets Encrypt generating and verifying your SSL certificates.
Regarding Lets Encrypt you don’t your server doesn’t need to be accessible from the internet if you use the DNS-01 challenge. Caddy with the caddy-dns plugin for your provider can do that automatically for you.
That would be a good place to start. Which providers does it support?
Seconding this, it is very convenient if your router supports a good provider. But it is better imo to use a good provider with a helper script on your server than to stick with your router defaults if they’re not that good.
Hope this helps:
It makes things easier, but you have options, such as:
- dynamic dns.
- Public reverse proxy or tunnel.
- Onion routing.
You don’t need one, but it does make things easier.
What you can use is something like Dynamic DNS to update your DNS record if your IP ever changes.
