Hi, guys. Like in the title. I have an orangepi5 with some services like nextcloud or grafana. I would like to access those instances from outside, but I don’t want to open ports.

Could you guys point me to how I can achieve that?

Do I need to set a domain for home services? I have heard that people recommend Cloudflare Tunnel, but I think Cloudflare Tunnel does not work with a subdomain like duckdns. Do I need to buy a domain for my case? One more thing: if I set up this tunnel or maybe another solution, should I go with an https (Let's Encrypt) solution?

Thank you

  • FOSSMan@lemmy.ml
    1 year ago

    You could use Cloudflare Zero Trust; I use it with a docker container which runs cloudflared. It tunnels your services through without a single port open. There are a couple of YouTube tutorials which are pretty good.

  • pixxelkick@lemmy.world
    1 year ago

    You will need to open some ports, but ideally you just open up 1 port for a VPN and call it a day.

    If you want a really easy solution you can buy one of the mid to high end routers that come with a built-in OpenVPN you can enable, and you just do the process to have it be the router for your network (usually by setting your modem to pass-through mode and then having your personal router immediately next in line, and it becomes the actual router of the network).

    If you do a search you should find a few decent models out there with OpenVPN support, and then it's just a matter of enabling the feature in the router’s interface and following its guide and then installing OpenVPN on your mobile phone(s).

  • snowe@programming.dev
    1 year ago

    You’ve really got two options here. Tailscale, which will give you named dns routes for your machines, based on the machine name, or dynamic DNS with a reverse proxy like SWAG.

  • EP51L0N@sh.itjust.works
    1 year ago

    Using a reverse proxy is probably your best bet. Something like nginx (nginxproxymanager for easier configuration).

    • karcio@lemmy.worldOP
      1 year ago

      nginxproxymanager

      Well, I was trying to play with nginx proxy manager and was able to set this up, but still could connect only from the home network, not from outside.

      • EP51L0N@sh.itjust.works
        1 year ago

        nginxpm still requires ports to be open, but only 2: 80 and 443. A lot better than opening every port for every service you have.

    • karcio@lemmy.worldOP
      1 year ago

      For this I am using zerotier, and I can connect from outside but … using IPs, which is not great. Would like to use domains.

      • pe1uca@lemmy.pe1uca.dev
        1 year ago

        I’m using PiHole with my tailscale to use their MagicDNS.
        This shares the PiHole among all the devices connected to the tailnet, and in the PiHole you can configure your local DNS to point your domains to your tailIP.
        My setup has several services in a single machine, so there’s also the issue of ports; for that I use caddy as a reverse proxy, which also allows me to have HTTPS by only configuring the key to my registrar for the DNS challenge.
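
The setup described in the last comment (several services on one machine, Caddy in front, certificates through the DNS challenge), written out as a Caddyfile. This is an added example, not configuration posted by anyone in the thread. Assumptions: the DNS provider is Cloudflare and Caddy was built with the matching caddy-dns/cloudflare module, the domain `home.example.com`, the tailnet address `100.64.0.10` and the Nextcloud backend port are constructed placeholders.

```caddyfile
# Added example. All names, addresses and the provider are assumptions.
{
	# Solve the ACME DNS-01 challenge through the DNS provider's API.
	# DNS-01 proves domain control with a TXT record, so the CA never
	# connects back to this host and ports 80/443 stay closed on the router.
	# The token is read from the environment so it is not stored in this file;
	# scope it to "edit DNS records" on this one zone only.
	acme_dns cloudflare {env.CF_API_TOKEN}
}

# In Pi-hole's local DNS records, point both names below at the
# tailnet address of this machine (100.64.0.10 here, constructed).

nextcloud.home.example.com {
	# Listen only on the tailnet interface address, not on the LAN or
	# any public interface, so the site is reachable by tailnet peers only.
	bind 100.64.0.10

	# Backend published on loopback only (port is an assumption).
	reverse_proxy 127.0.0.1:8080
}

grafana.home.example.com {
	bind 100.64.0.10

	# 3000 is Grafana's default HTTP port.
	reverse_proxy 127.0.0.1:3000
}
```

Publishing the backends on `127.0.0.1` rather than `0.0.0.0` keeps them from being reached directly on their own ports, so every request goes through Caddy and its TLS termination.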