I’m not really sure how to ask this because my knowledge is pretty limited. Any basic answers or links will be much appreciated.
I have a number of self-hosted services on my home PC. I’d like to be able to access them safely over the public Internet. There are a couple of reasons for this. There is an online calendar scheduling service I would like to have access to my caldav/carddav setup. I’d also like to set up Nextcloud, which seems to more or less require https. I am using http connections secured through Tailscale at the moment.
I own a domain through an old Squarespace account that I would like to use. I currently have zero knowledge or understanding of how to route my self hosted services through the domain that I own, or even if that’s the correct way to set it up. Is there a guide that explains step by step for beginners how to access my home setup through the domain that I own? Should I move the domain from Squarespace to another provider that is better equipped for this type of setup?
Is this a bad idea for someone without much experience in networking in general?
Three steps:
- point the FQDN to your network (Dynamic DNS).
- set up reverse proxy (Nginx, etc.)
- set up certificates (Certbot, etc.)
Optional step 4: harden with fail2ban and a firewall.
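The reverse proxy and certificate steps from the list above, sketched as an nginx configuration. This is an added example, not something posted by anyone in the thread; cal.example.com, the backend at 127.0.0.1:5232 and the /var/www/certbot webroot are placeholders, and the certificate paths assume Certbot's default layout.

```nginx
# Added example with placeholder values: cal.example.com stands in for your own
# FQDN, 127.0.0.1:5232 for a local CalDAV/CardDAV backend (assumed address).

# Port 80 only answers ACME HTTP-01 challenges and redirects the rest to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name cal.example.com;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;   # assumed webroot: certbot certonly --webroot -w /var/www/certbot -d cal.example.com
    }
    location / {
        return 301 https://$host$request_uri;
    }
}

# HTTPS terminates at the proxy; the backend stays bound to localhost.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name cal.example.com;

    # Certbot's default location for a certificate issued for cal.example.com
    ssl_certificate     /etc/letsencrypt/live/cal.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/cal.example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://127.0.0.1:5232;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Catch-all: requests by bare IP or an unknown hostname never reach a backend.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name _;
    ssl_reject_handshake on;   # needs nginx 1.19.4 or later; no certificate required here
    return 444;                # close the connection without sending a response
}
```

Only ports 80 and 443 need forwarding from the router to the machine running nginx; the backend port itself is never exposed.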
I would say this would be the proper way to do it (at least as a sysadmin), but since it’s OP’s first time I would simplify it to:
- Install CloudFlare ZeroTrust daemon on your local server;
- Set up reverse proxy such as Nginx (optional, the alternative is to use a different subdomain for each service, which might be easier);
- Point the FQDN to CloudFlare.
Let CloudFlare handle the certificates, DDoS protection, etc… Link if you’d like to give this setup a try.
Cloudflare isn’t very self-host; unless you want/need to trust a third party, I wouldn’t recommend this.
They provide decent defaults for all the not-so-straightforward configurations, and they provide a web UI to configure the rest. That’s the sole reason I would recommend it to get one’s feet wet without having to work too much.
If one is committed to doing things “the right way” they could switch to Nginx and “proper” self-hosting later.
Caddy with a Caddyfile is very easy, although it lacks a GUI. Use Nginx Proxy Manager if you want a GUI, but it is more work than a Caddyfile.
- Consider getting a VPS to play around with to learn how this stuff works before you expose your data to the internet.
- Learn about how DNS works. You will create an A record (and possibly also an AAAA record) for your domain pointing to your home IP (or VPS).
- If SquareSpace does not let you set records (and will only allow you to use Squarespace-hosted services) you will need to migrate your domain to another provider. I like gandi.net.
- Learn how your router does port forwarding. You will forward port(s) for the calendar service from your router to your home PC. (Or learn how to do firewalls on your VPS.)
- Before you actually connect to it with credentials over the internet, set up SSL/TLS certificates with LetsEncrypt.
The educational route I took was Hurricane Electric’s free IPv6 online course. It taught me a bunch of networking principles. When you finish the course (and get “sage” status), you get free lifetime DNS access. This includes dynamic DNS that automatically updates when your IP address changes.
Because of this, I can self-host on a basic residential plan without paying for any additional services.
Oooo this might be the path I take to finally get off IPv4. Cheers. I’ve already set up reverse proxies, but finally updating to 1999 technology seems like a good plan.
> Consider getting a VPS to play around with to learn how this stuff works before you expose your data to the internet.

Highly recommend this, especially when exposing your local server to the internet when you may still be a bit green with the security aspects of self-hosting. Small VPSes for under $30 a year are a dime a dozen, really, and well worth the price for the education you can get from them.
Even now, I have a small VPS that I regularly test things on before I put it on the production server.






