Greetings,
my current ISP refuses to provide me a static IP and they also blocks incoming connection to my ipv6 so I can’t host services on just ipv6 too. I will be changing my ISP when the plan expires.
without public IP I can host my own IRC bouncer but I would like to know what else can I self host? Thanks in advance!
You must log in or register to comment.
Anything. You don’t need any services to be public unless you choose for them to be.
actually I was thinking about hosting my own fediverse service to own my data but I can’t do that without a static public IP and domain name.
Your domain need to be tied to cloudflare you don’t need to buy one from them. I just moved mine to them didn’t pay them a dime
You actually want a cloudfare tunnel if youre going to do that. It protects your real IP. Hosting a fediverse instance will draw attention to your real IP eventually otherwise.
As long as you’re not behind CGNAT, you can use a dynamic DNS provider (like duckdns.org) and its web API to keep a record pointed at your IP. If you’re behind CGNAT, Tailscale also has a service (Tailscale Funnel) that can expose an internal service to the internet.
You could also pay for a small VPS with a static IP, and set up a Wireguard tunnel to your home server and an HTTPS proxy to forward traffic through the tunnel.
Also, just in general, use Tailscale. It’s serious black magic fuckery on the firewall.
I tried using DuckDNS for a while for DDNS, but noticed it seemed to have frequent periods of a few minutes each when it just wouldn’t resolve. Also was unable to get a matrix/synapse setup working behind it. It’s handy as a free service and nice if you just need basic DDNS, but it’s not the most reliable for hosting stuff from my experience.
I eventually settled on buying my own domain. Was much cheaper and easier to figure out DNS management than I was expecting, and my hosted services run so smoothly now.
Edit RE: downvotes: fuck me for sharing my experience? Kinda thought that was the point of this community…
@Confused_Emus @rtxn Figuring out DNS is always fun.
And never ever ever make any, even small, DNS change on a Friday. Unless you don’t like weekends.
Is it time to break out the DNS haiku and pray to the name gods?deleted by creator
Yeah I am behind CGNAT so I guess I have to use either Tailscale or wireguard as other users also suggested.
Thank you for the reply!
Just to chip in, cloudflare tunnels are a thing and also transverse CGNAT. Or you could use LocalXPosed, and other sevices like that.
Tailscale or Cloudflare will solve your problems.
Anything
I use cloudflare / cloudflared agent to provide features hosted locally
Put everything behind Tailscale or another VPN and use it that way from outside devices. There should be very little need to have a public IP, and if there’s something that has to be exposed, use ngrok, cloudflared or Tailscale Funnel.
If this is just for personal use, I’d see if you can put their router in modem mode and go get a better router, then I’d just use tail-scale or WireGuard.
tailscale is looking good I might try that
It’s amazing additionally you can run Mullvad through it that might solve your public IP issues but I only run my services for me and my house
deleted by creator
deleted by creator
You also could just do lan
You could, but for many of us, the point of having access to our services is to have access from anywhere :-)
Yup, everything in my setup is primarily used in my house. The only reason anything is publicly accessible is so I can show it off occasionally.
Self host all your stuff and use tailscale if you just want to provide private services to yourself
Literally anything you want. You don’t need a static IP, any dynamic IP with a software updater will work. For example, I have some public sites proxied through Cloudflare, and I use the DDNS updater for Docker that keeps my DNS correct.
The ISP is blocking his ports too, it seems.
Should check which ports.
Mine blocks 80 inbound and 25 outbound, but everything else I’ve tried works. (so no default http, and no outbound email)
I only really want 443 for simplicity, everything else can be random ports.
That’s an odd thing to see these days. I didn’t know ISPs still did that. I bet they offer a more expensive tier for businesses is why.
In my country no ISP will offer you a real IP address anymore. Not on IPv4 at least. So doesn’t matter if your ports are blocked or not, you are CG-NATted in any case.
I just use a DDNS updater. That’s honestly good enough for most purposes.
Alternatively, you could use a service like Zerotier, Tailscale or Netbird to create a virtual private LAN connection to a free Oracle VPS, then route the traffic from the VPN to your home network.
I use a cheap VPS and connect all my relevant devices to it via a VPN (aldo self hosted w/ wireguard). It’s $5/month and does the job.
The best way would be to use a VPS to proxy your traffic to you. You can achieve this for pretty cheap, just set up an wireguard tunnel to a cheap VPS. That’s exactly how I access all my services from outside my home. As long as the VPS has a publicly accessible IP (most of them do), you being behind CGNAT should not be an issue.
This is the way OP
I mean you can host anything. It’s just not reachable from the outside. And Fediverse or anything that gets data pushed in, won’t work. The common method to handle all of this is to use some tunnelling solution.
As someone in a similar situation I’d recommend using a free tier oracle vps with a wireguard tunnel to connect to you services. Effectively just using the vps as a proxy for your own network. Here’s a guide that should work for your purposes https://github.com/mochman/Bypass_CGNAT
Oracle deletes servers with no warning and for no reason. I wouldn’t use them
my current ISP refuses to provide me a static IP
So then use dynamic dns? HurricaneElectric offers DynDNS now and it’s great. You can update it right over
curlif you want. I have it mapped to a cli function;~\downloads ❯ ddns HTTP/1.1 200 OK Cache-Control: no-cache, must-revalidate Content-Length: 18 Content-Type: text/html Date: Tue, 25 Feb 2025 09:24:18 GMT Email: DNS Administrator <dnsadmin@he.net> Expires: Wed, 25 Feb 2026 09:24:18 GMT Server: dns.he.net v0.0.1 nochg {ip}It’s not only not static It’s firewalled too! I can’t ping it from outside the network
Did you configure NAT to the service(s) and/or DMZ to your internal server in your ISP’s router?
Not allowing even ping seems like it is against any sane networking configuration.
You don’t want to expose services to the internet
Oh, damn. Not much you can do then. You may be eventually be able to get something outrageously complicated to work, but honestly it’s just plain not worth it. Just get a cheap VPS.
Best you could do is a forward server with tailscale and a reverse_proxy, but I’ve never had any real luck getting that type of setup to work reliably.
