+-----------------+
| . local server  |
+-.---------------+
< . >
< . >
< . >
< . >
< . >
+-.-----------------------+
| . serveo/localhost.run  |
+-.-----------------------+
< . >
< . >               +----------------------+
< . >               |   .   raw data       |
< . >               | < . > encrypted data |
< . >               +----------------------+
+-.----------+
| . clients  |
+------------+

hellow,

i wanna host things (nextcloud, bin, syncthing) myself but im under cg nat so i cant do it the regular way. i have to tunnel my way out. the only concern is that, the raw data is readable by the ssh server (ie. serveo/localhost.run), but i dont anyone elses eyes on my data

sorry for my broken english.


edit:


please clarify me.

if i setup a vpn which provides encryption on my local server, can i go like this

+------------------+
|   . local server |
+-< . >------------+
 << . >>
 << . >>
 << . >>
 << . >>
 << . >>
+-< . >----------------------+
| < . > serveo/localhost.run |
+-< . >----------------------+
 << . >>
 << . >>               +-------------------------------------+
 << . >>               |    .   raw data                     |
 << . >>               |  < . > vpn encrypted data           |
 << . >>               | << . >> vpn encrypted data over tls |
 << . >>               +-------------------------------------+
+-< . >-------+
|   . clients |
+-------------+

sorry i dont know how to express this in words

  • PureTryOut@lemmy.kde.social
    link
    fedilink
    arrow-up
    14
    ·
    24 hours ago

    I personally rent the cheapest VPS I could find and put Tailscale on it. My server at home then connects to that Tailscale network and the VPS runs nginx acting as a proxy forwarding everything to the server through Tailscale.

    Besides having no annoying networking issues it also has the benefit that I can move houses without having to update A records to have the domain point to the new IP address because the VPS IP ofc remains the same.

    • t0mri@lemmy.mlOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      4 hours ago

      wait. please clarify me.

      if i setup a vpn which provides encryption on my local server, can i go like this

      +------------------+
      |   . local server |
      +-< . >------------+
       << . >>
       << . >>
       << . >>
       << . >>
       << . >>
      +-< . >----------------------+
      | < . > serveo/localhost.run |
      +-< . >----------------------+
       << . >>
       << . >>               +-------------------------------------+
       << . >>               |    .   raw data                     |
       << . >>               |  < . > vpn encrypted data           |
       << . >>               | << . >> vpn encrypted data over tls |
       << . >>               +-------------------------------------+
      +-< . >-------+
      |   . clients |
      +-------------+
      

      sorry i dont know how to express this in words

    • schizo
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      16 hours ago

      Another (and to some degree more flexible AND simpler) solution is rathole: still requires you to host it somewhere, but it’s got a little more flexibility.

      Edit: I’m not a fan of VPN tunnels in general, because for most people all you’ve done is made a remote server that, if it’s compromised, will have unfettered and complete access to your internal network via the VPN tunnel.

      There are ways to mitigate that but, for what I suspect is the majority of people asking about how to do this, they’re outside of a reasonable technical ask.

      (Rathole works similar to an argo tunnel, in that it initiates a connection to the VPS, and then passes traffic limited to a specific port or application back and forth, rather than being a nice open tunnel.