I finally bought a domain! Now what
from philanthropicoctopus@thelemmy.club to selfhosted@lemmy.world on 02 Jul 03:45
https://thelemmy.club/post/51970595

Hi everyone

Thanks for all the advice on buying a domain. It’s a big week for me. Getting on GrapheneOS, buying a domain, and I also recently started self hosting my contacts and calendar. I love this way of life.

My original plan was to get one of the xyz 1.1111b domains for $1 a year but most of the feedback I got said just go with cloudflare. It’s a lot more money than I had planned but all the security features are baked in and I feel that’s worth the extra money.

Here are my questions. I use the latest version of truenas community

  1. How do I connect my domain to my server apps? I’ve got a series of apps I’d love to be able to access without tailscale and solely use the domain.
  2. I have heard the term DNS a million times but don’t really understand it. What do I need to know about DNS to keep security up and stay protected?
  3. I’d like to let family access my media server, are there any considerations I need to make?
  4. How can I use one domain to access multiple services on my server? Do I need to pay extra for subdomains?

Thank you for any advice

#selfhosted

frongt@lemmy.zip on 02 Jul 03:57

I would strongly encourage continuing to use tailscale or another VPN. The more you expose to the Internet, the more opportunities you present to an attacker. If your family also uses the VPN client, they can access the systems in the same way.

Plenty of learning material out there on DNS. But no, you don’t have to pay extra for subdomains. You can put the records up on cloudflare or host them internally. Generally it’s considered bad practice to put local records in public DNS, but it doesn’t actually matter that much.

You can set up a reverse proxy to route traffic to each service based on the domain name used. Most people use caddy, some use traefik, and some use nginx proxy manager.

someonesmall@lemmy.ml on 02 Jul 05:20

This. Do not expose any service to the internet or even LAN. All clients need to connect via VPN to your machine, no matter if from LAN/home or on the road (WAN/Internet). You can still use a reverse proxy and custom domain names so inside the VPN network everything is HTTPS and each service has a nice domain name.

philanthropicoctopus@thelemmy.club on 02 Jul 05:32

How can I force https on my apps?

valar@lemmy.ca on 02 Jul 05:36

This seems a bit extreme to me. I have services exposed to the Internet, with reverse proxy and auth.

philanthropicoctopus@thelemmy.club on 02 Jul 05:31

This is where I get really lost. I’m probably going to get this wrong so here goes

My understanding was tailscale is to connect different machines across the internet, but that a traditional VPN hides your information

I got a domain so I could use my traditional VPN and access my server. At the moment, every time I want to access my server, I have to turn off my VPN so I can turn on tailscale. That’s the exact scenario I’m trying to avoid by getting the domain.

Again, I’m sure I’ve got some stuff wrong here but that’s my current understanding

artyom@piefed.social on 02 Jul 04:12

> How do I connect my domain to my server apps?

Go to your domain provider and configure it to point requests to your server IP address. Use a reverse proxy to connect those requests to a specific “app”. Most often NGINX.

> I have heard the term DNS a million times but don’t really understand it

The oversimplified version is that it’s “the phone book of the internet”. Users’ domain requests are sent to it and then it forwards said requests to the appropriate IP address.

> I’d like to let family access my media server, are there any considerations I need to make?

Are you hosting on a VPS or a home server?

> How can I use one domain to access multiple services on my server?

Subdomains

> Do I need to pay extra for subdomains?

No.

valkyre09@lemmy.world on 02 Jul 04:22

Cloudflare tunnels is a great way to expose services on your network to the web.

You run a program in your server, it makes a tunnel, then you configure it on the website to visit the internal link in your network, eg

If you’re hosting a web server at home, you could have something like:

www.mydomain.net > 192.168.1.55:8080

You can also have cloudflare protect access to that website with email verification, google / Microsoft accounts etc.

It’s a lot to learn, but it’s very handy once you get the hang of it.

Here’s a YouTube video on the basics: youtu.be/Q5dG8g4-Sx0?is=J7KvNZoyjsEq33fO

philanthropicoctopus@thelemmy.club on 02 Jul 05:25

Thank you for this tip

I have just set it up and holy shit it worked straight away! This is so exciting!

My question, now that my apps are exposed to the internet, aside from having strong passwords is there anything else I should be doing to keep safe?

I just read no media servers on free tunnels so I’ll have to use nginx for jellyfin

EmilieEasie@fedinsfw.app on 02 Jul 04:54

Just commenting so I remember to come back later, sorry 😊 I wanna see what people say

Svinhufvud@sopuli.xyz on 02 Jul 05:18

I recommend you make A and AAAA records for the top level domain you own, and then set the needed subdomains as CNAME entries.

example.com points to your IP addresses, and the subdomains point then to your top level name.

This avoids you having to point a new IP at multiple places (be it manually or by dyndns) when/if your public IP changes.

Then you can set up a reverse proxy (caddy for example, it comes with automatic TLS), bind ports 80 and 443 to it, and route the traffic based on the domain name a client is trying to connect to.

So jellyfin.example.com would lead to your reverse proxy which would forward it somewhere internally, say 192.168.1.10:8096 for example.

This way you can use one top level domain for multiple services, and not have to specify ports when connecting externally
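The layout described in the comment above, modelled offline as an added example (not part of the original comment or of any project's code): a constructed zone where only the apex holds A/AAAA records, and a host-name routing table like the one a reverse proxy applies. The public addresses (documentation ranges), the `cloud` subdomain and its upstream are assumptions.

```python
# Constructed zone in the layout described above: only the apex holds addresses.
ZONE = {
    ("example.com", "A"): "203.0.113.10",       # assumed, documentation range
    ("example.com", "AAAA"): "2001:db8::10",    # assumed, documentation range
    ("jellyfin.example.com", "CNAME"): "example.com",
    ("cloud.example.com", "CNAME"): "example.com",   # assumed second service
}

# Reverse-proxy table: requested host name -> internal upstream.
ROUTES = {
    "jellyfin.example.com": "192.168.1.10:8096",    # upstream from the comment
    "cloud.example.com": "192.168.1.11:8080",       # assumed
}


def resolve(name, rtype="A", zone=ZONE, max_hops=8):
    """Follow CNAMEs until a record of rtype is found; None if there is none."""
    name = name.rstrip(".").lower()
    for _ in range(max_hops):              # hop limit stops CNAME loops
        if (name, rtype) in zone:
            return zone[(name, rtype)]
        target = zone.get((name, "CNAME"))
        if target is None:
            return None
        name = target.rstrip(".").lower()
    raise ValueError("CNAME chain too long or looping")


def route(host_header, routes=ROUTES):
    """Pick the upstream for a request, or None for a name that is not served."""
    host = host_header.strip().lower()
    if host.startswith("["):               # bracketed IPv6 literal, not a served name
        return None
    host = host.split(":", 1)[0].rstrip(".")   # drop a :port suffix and root dot
    return routes.get(host)                # unknown names get no backend


def dyndns_update(new_ipv4, zone=ZONE):
    """The single record a dynamic-DNS client rewrites when the public IPv4 moves."""
    zone[("example.com", "A")] = new_ipv4


if __name__ == "__main__":
    dyndns_update("198.51.100.7")
    print(resolve("jellyfin.example.com"), route("jellyfin.example.com:443"))
```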

darklamer@feddit.org on 02 Jul 05:58

> I have heard the term DNS a million times but don’t really understand it.

Learn about DNS, it’s the glue that holds the internet together, any time you spend on learning more about DNS will quickly pay off. You probably already know that it’s what maps domain names to IP addresses and vice versa, but it can be used for loads of other useful things too.

(My own two favourite not well known but totally standardized really convenient things to use DNS for are to provide SSH host key fingerprints through DNSSEC and requesting letsencrypt certificates for host names without any webserver.)
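The first of the two uses mentioned above, as an added example that is not part of the original comment: building the SSHFP record that publishes an SSH host key fingerprint in DNS. The host name `nas.example.com` and the sample key (constructed, not a real host key) are assumptions.

```python
import base64
import hashlib

# SSHFP algorithm numbers (IANA registry; RFC 4255, RFC 6594, RFC 7479).
ALGORITHMS = {"ssh-rsa": 1, "ssh-dss": 2, "ssh-ed25519": 4}
FP_SHA256 = 2  # SSHFP fingerprint type 2 is SHA-256

# Constructed sample, not a real host key: an Ed25519 blob with 32 bytes of 0x01.
SAMPLE_BLOB = (11).to_bytes(4, "big") + b"ssh-ed25519" + (32).to_bytes(4, "big") + b"\x01" * 32
SAMPLE_LINE = "ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode() + " root@nas"


def key_blob(pubkey_line):
    """Return (key_type, raw blob) from one line of an OpenSSH *.pub file."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<key-type> <base64-blob> [comment]'")
    key_type = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    # The blob begins with a length-prefixed copy of the key type; a mismatch
    # means the line was truncated or edited.
    name_len = int.from_bytes(blob[:4], "big")
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("key blob does not match the declared key type")
    return key_type, blob


def sshfp_record(hostname, pubkey_line):
    """Zone-file line publishing the SHA-256 fingerprint of a host key."""
    key_type, blob = key_blob(pubkey_line)
    if key_type.startswith("ecdsa-sha2-"):
        algorithm = 3
    elif key_type in ALGORITHMS:
        algorithm = ALGORITHMS[key_type]
    else:
        raise ValueError(f"no SSHFP algorithm number for {key_type}")
    digest = hashlib.sha256(blob).hexdigest()
    return f"{hostname.rstrip('.')}. IN SSHFP {algorithm} {FP_SHA256} {digest}"


def openssh_fingerprint(pubkey_line):
    """Same digest in the form `ssh-keygen -l` prints, for cross-checking."""
    _, blob = key_blob(pubkey_line)
    b64 = base64.b64encode(hashlib.sha256(blob).digest()).decode()
    return "SHA256:" + b64.rstrip("=")


if __name__ == "__main__":
    print(sshfp_record("nas.example.com", SAMPLE_LINE))
```

On a real host, `ssh-keygen -r <hostname>` prints these records from the host's own keys, and OpenSSH clients consult them when `VerifyHostKeyDNS` is enabled.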