What can the 'average Joe' start hosting, that will change their life?

jaackf@lemmy.world to Selfhosted@lemmy.world – 999 points –

I'm already hosting pihole, but i know there's so much great stuff out there! I want to find some useful things that I can get my hands on. Thanks!

667

You are viewing a single comment

Have it be accessible over Tailscale (or similar) and that alleviates a lot of the access concerns. No need to setup port forwarding either.

Similar might be running Wireguard yourself, right? Albeit if memory serves that setup tends to require port forwarding, so maybe not (or maybe I set it up wrong).

Tailscale uses the Wireguard protocol (in userspace, not kernel) along with a user and IP management system, a STUN system and a relay so they can provide easy management and connectivity even behind NAT or CGNAT. The relay uses https headers to hide the traffic, which provides a slower connection but allows connectivity in networks that block UDP or VPN traffic.

Installing a Wireguard server would use a kernel implementation of the WG protocol, but you have to open a port on the server side for it, and manually create the peer configuration and public/private keys for them. It is slightly faster, but not as easy to deploy or as versatile when dealing with complicated networks, dual NAT or CGNAT. Also very easy to block on networks as it does not obfuscates the traffic.

I chose to deploy a Wireguard server because it works well for my needs, but if I was behind CGNAT or connected through restrictive networks I would move to Tailscale.

Makes sense!

I set up Wireguard simply to get a rough understanding of how to do so & to try to access some home resources while away, which works well enough across simpler network situations, but as you indicate, breaks down against more complicated network situations.

Port forwarding a wg udp port is way safer than port forwarding some application to login to from the internet. At least with WG you can't even brute force it or anything, it's a lightweight protocol that requires a client cert.

Tailscale basically uses NAT hole-punching, doesn't require any port-forwarding ever, it's great