Hi, guys. Like in the title. I have orangepi5 with some services like nextcloud or grafana. I would like to access to those instances from outside - but I don’t want to open ports.
Could you guys point me how can I achieve that?
Do I need to set domain for home services? I have heard that people recommends cloudfare tunnel, but I think cloudfare tunnel does not work with subdomain like duckdns. Do I need to buy domain for my case? One more think, if I set this tunnel or maybe other solution- should I go with https (lets encrypt) solution?
Thank You
you could use cloudflare zero-trust, i use it with a docker container which runs cloudflared. it tunnels your services through without a single port open. there are a couple youtube tutorials which are pretty good.
consider tailscale
deleted by creator
You will need to open some ports, but ideally you just open up 1 port for a VPN and call it a day.
If you want a really easy solution you can buy one of the mid to high end routers that comes with a built in OpenVPN you can enable, and you just do the process to have it be the router for your network (usually by setting your modem to pass through mode and then have your personal router immediately next in line, and it becomes the actual router of the network)
If you do a search you should find a few decent models out there with OpenVPN support, and then its just a matter of enabling the feature in the router’s interface and following its guide and then installing OpenVPN on your mobile phone(s)
You’ve really got two options here. Tailscale, which will give you named dns routes for your machines, based on the machine name, or dynamic DNS with a reverse proxy like SWAG.
using a reverse proxy is prob your best bet. something like nginx (nginxproxymanager for easier configuration)
nginxproxymanager
Well, I was trying to play with nginx proxy manager, was able to set this but still, could connect only from home network - not from outside
nginxpm still requires ports to be open, but only 2: 80 and 443. a lot better than opening every port for every service you have
If you don’t want it publicly exposed to the internet you can use a vpn. Tailscale is probably the easiest.
for this I am using zerotier - and I can connect from outside but … using IPs which is not great. Would like to use domains
I’m using PiHole with my tailscale to use their MagicDNS.
This shares the PiHole among all the devices connected to the tailnet, and in the PiHole you can configure your local DNS to point your domains to your tailIP.
My setup has several services in a single machine, so there’s also the issue of ports, for that I use caddy as a reverse proxy, which also allows me to have HTTPS only configuring the key to my registrar for the DNS challenge