this post was submitted on 06 Aug 2025
42 points (95.7% liked)

Selfhosted


Am a bit new to all this so apologies if terminology etc isn't correct.

I have my server with apps in docker containers. I have gluetun set-up and working, serving an internet connection to the rest of the containers.

I'm thinking about going down the Tailscale route so that I can use the apps when I'm away from home - haven't needed to so far but it's nice to have the option.

For that to work I think I'll need two VPN connections - one to extend the LAN away from the house, the other to provide internet access.

If so, how the hell do I go about setting that up? Can I do this with Gluetun or do I need something else?

Any wise words or links to set-up guides would be much appreciated.

[–] null_dot@lemmy.dbzer0.com 12 points 1 week ago (1 children)

I don't use tailscale or gluetun. They're probably good options, I just wasn't aware of them when I was setting up, and what I'm doing now has worked great for years.

My home server has 4 containers you're interested in:

wireguard_out

This is a wireguard instance which is connected to a mullvad server on a paid subscription.

For any containers I want to "use this vpn" I just attach them to this container's stack. It's one of the network options in docker. Notably these containers include qbittorrent and squid (below).

Wireguard configurations look unapproachable at first but it's one of those things where messing around with it for an hour or so will serve you well for a lifetime. There's not heaps more to learn. LLMs are great at writing wireguard configurations.

squid

This is an HTTP proxy attached to the wireguard_out stack. You didn't ask about this and may not need it but I've found it super useful.

One of the private torrent trackers I use will only let your torrent client connect to the tracker from the same IP address you used to download the torrent file - so when browsing their website you need to use the vpn connection. Using squid makes this really easy.

In firefox (librewolf) I have foxyproxy addon which allows you to specify a proxy to use for specific urls. So when I navigate to mytracker.com firefox automatically routes the connection through squid > wireguard > mullvad on my server.

wireguard_in

This handles my "road warrior" set up so I can access services on my home server while I'm away.

This container has a separate docker network to most of my other containers, in the ip subnet 10.0.2.0/24.

traefik

This is a reverse proxy.

It's on the same network as wireguard_in with the ip address 10.0.2.2.

I've configured a public dns "A" record *.home.mydomain.com to point to 10.0.2.2, the private ip address.

The configurations I use for the wireguard connections on my phone or other devices only route requests for this subnet through the wireguard connection. So if I'm away from home and my phone requests lemmy.world that goes through the public network, but if I request photon.home.mydomain.com that goes through my vpn. This way you don't need to turn off / on the wireguard connection.

I use file based configurations for traefik. It can do docker label configurations but they're just awful IMO. The yaml configurations are much more readable and manageable.

As an aside, you can replicate this structure many times on one host. I have several incoming wireguard networks for different purposes. You configure the traefik container to sit across all the networks, like a spider at the centre of a web.
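The four-container layout described in the comment above, sketched as a Compose file. This is an added example, not the commenter's own configuration: the image names, host paths, `vpn.example.com`, the LAN address `192.168.1.10`, the network name `road_warrior` and the `10.0.2.3` address are assumptions, while the 10.0.2.0/24 subnet and traefik's 10.0.2.2 come from the comment.

```yaml
# Added illustration, not the commenter's own files. Image names, host paths,
# vpn.example.com, 192.168.1.10, road_warrior and 10.0.2.3 are assumptions.
services:
  wireguard_out:                          # WireGuard client to the VPN provider
    image: lscr.io/linuxserver/wireguard  # assumed image
    cap_add: [NET_ADMIN]
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    volumes:
      - ./wireguard_out:/config           # holds the provider's client config
    ports:                                # published here for the attached containers
      - "192.168.1.10:3128:3128"          # squid, bound to the LAN address only
      - "192.168.1.10:8080:8080"          # qbittorrent web UI
  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent  # assumed image
    network_mode: "service:wireguard_out"   # shares wireguard_out's network namespace
    depends_on: [wireguard_out]
  squid:
    image: ubuntu/squid                     # assumed image
    network_mode: "service:wireguard_out"
    depends_on: [wireguard_out]
  wireguard_in:                           # road-warrior endpoint
    image: lscr.io/linuxserver/wireguard
    cap_add: [NET_ADMIN]
    environment:
      - SERVERURL=vpn.example.com         # placeholder public hostname
      - PEERS=phone
      - ALLOWEDIPS=10.0.2.0/24            # peer configs route only this subnet
    ports:
      - "51820:51820/udp"
    volumes:
      - ./wireguard_in:/config
    networks:
      road_warrior:
        ipv4_address: 10.0.2.3            # constructed address
  traefik:
    image: traefik:v3.0
    volumes:
      - ./traefik:/etc/traefik:ro         # file-based (YAML) configuration
    networks:
      road_warrior:
        ipv4_address: 10.0.2.2            # target of the *.home A record
networks:
  road_warrior:
    ipam:
      config:
        - subnet: 10.0.2.0/24
```

Containers using `network_mode: "service:wireguard_out"` cannot publish ports themselves, which is why the squid and qbittorrent ports sit on `wireguard_out`. They see only the interfaces inside that namespace, so whether their traffic can leave when the tunnel is down depends on the routes and firewall rules of the `wireguard_out` container.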

[–] CAG_Gonzo@lemmy.world 1 points 1 week ago

Is your setup such that when you are not at home, traffic routed to your wireguard_in network reaches out to the Internet through wireguard_out? Idea being your mobile devices effectively use the same mullvad connection they would if you were at home.