Home Server Questions

Here is my predicament. I use 2 cell phones as a bonded connection through Speedify. I want to run my own host at home but Speedify ignores all ports without paying hundreds of dollars a month. The reason I want to host at home is one of my websites is a data storage HOG! I have my server set up and running on my LAN serving my sites locally without issue. What's my best way to get that live? I've read VPS running OpenVPN but what's the best/most cost effective provider for that? My sites don't see a ton of traffic so inexpensive is awesome!

Comments

  • There are probably better options than using a VPS as a VPN to make your home server public, but if you'd like to do this, your best bet is with a high / unmetered bandwidth VPS with a dedicated (Not NAT) IPv4 close in location to your home, to reduce latency. Not sure where you're located, but personally I use a small VirMach VPS for a personal VPN.

  • Easy to do this with wireguard and a vps. Shoot me a PM if you need help.

  • @PineappleBox said:
    There are probably better options than using a VPS as a VPN to make your home server public, but if you'd like to do this, your best bet is with a high / unmetered bandwidth VPS with a dedicated (Not NAT) IPv4 close in location to your home, to reduce latency. Not sure where you're located, but personally I use a small VirMach VPS for a personal VPN.

    I'm open to options. My sites have been down for weeks..... :(

  • yoursunny Member, IPv6 Advocate

    You need a high-bandwidth VPS near your house that has public IP addresses.
    Then, you can set up a reverse tunnel using ssh -R.

    On your house web server, run SSH client:

    ssh -R 127.0.0.1:8000:127.0.0.1:8000 [email protected]
    

    Note that your house web server should listen on port 8000 using HTTP protocol. You do not need HTTPS locally, because SSH tunnel already encrypts traffic.
    The above command makes the web server accessible on local port 8000 on the VPS.

    On the VPS, install Caddy server and set up a reverse proxy:

    vi Caddyfile
      https://example.com {
        reverse_proxy 127.0.0.1:8000
      }
    
    
    caddy run
    

    Caddy will automatically obtain TLS certificates, terminate TLS connection, and forward HTTP requests to your house web server.

    You probably want to run both commands through systemd, so that it can automatically restart after the connection drops or the machine reboots.

    See https://www.lowendtalk.com/discussion/comment/3160524/#Comment_3160524 for a comparison between this and a VPN-based solution.
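An added example, not part of the original post: one way to run the `ssh -R` command above under systemd so that it restarts after a drop, using a key on the VPS that is limited to this single forward. The unit name, the `tunnel` account, the key path and `VPS_HOSTNAME` are assumptions; the key shown in the comment is a placeholder.

```ini
# /etc/systemd/system/home-tunnel.service   (on the home web server; name is an assumption)
[Unit]
Description=Reverse SSH tunnel: VPS 127.0.0.1:8000 -> local web server on port 8000
Wants=network-online.target
After=network-online.target

[Service]
# Dedicated unprivileged account whose key is used only for this tunnel (assumed name).
User=tunnel
# -N                      open the forward only, run no remote command
# BatchMode               never prompt; the VPS host key must already be in known_hosts
# ExitOnForwardFailure    exit if the VPS cannot bind 127.0.0.1:8000, so systemd retries
# ServerAlive*            detect a dead link within about 90 s instead of hanging
ExecStart=/usr/bin/ssh -N \
    -o BatchMode=yes \
    -o ExitOnForwardFailure=yes \
    -o ServerAliveInterval=30 \
    -o ServerAliveCountMax=3 \
    -i /home/tunnel/.ssh/id_ed25519 \
    -R 127.0.0.1:8000:127.0.0.1:8000 \
    tunnel@VPS_HOSTNAME
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target

# On the VPS, in ~tunnel/.ssh/authorized_keys, restrict what this key may do:
# no shell, no PTY, no agent or X11 forwarding, and a remote listener only on
# 127.0.0.1:8000 (permitlisten needs OpenSSH 7.8 or later). Placeholder key:
#
# restrict,port-forwarding,permitlisten="127.0.0.1:8000" ssh-ed25519 AAAA...PLACEHOLDER tunnel@home
```

Because the forward binds to 127.0.0.1 on the VPS, the home server is reachable from outside only through the Caddy reverse proxy.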

  • As mentioned above, set up a site-to-site VPN (a basic SSH tunnel can also work for you) with an unmetered VPS close to you, or find a VPN provider that allows you to do port forwarding so you can expose HTTP(S) with the VPN NATted IP.

  • ericls Member, Patron Provider

    Any kind of tunnels should work

  • I would recommend either using wireguard or autossh here to make sure that tunnel will be reformed in the case of some outage and it will be reestablished automatically.

  • While it will work perfectly well the vast majority of the time, I wouldn't use SSH tunnels for permanent connections like that. There are potential performance issues with wrapping TCP streams inside other TCP streams like that, particularly if there are any temporary packet loss or delay issues (see http://sites.inka.de/sites/bigred/devel/tcp-tcp.html to pick an example at random from Google, or one of many other references to the issues) or just when latency is high. As you are using cell connections, bonded no less, intermittent packet delay may be more of an issue for you than other connection types.

    I would suggest something like OpenVPN (using the UDP transport, not TCP) or wireguard instead. Slightly more work to set up, but worth it IMO. As well as a potential significant benefit in less than ideal conditions, you'll likely see a small improvement in latency at all times.

  • letrocks Member
    edited January 2021

    @MeAtExampleDotCom said:
    I would suggest something like OpenVPN (using the UDP transport, not TCP) or wireguard instead. Slightly more work to set up, but worth it IMO. As well as a potential significant benefit in less than ideal conditions, you'll likely see a small improvement in latency at all times.

    OpenVPN is really slow. Try iperf between client and server using SSH, WireGuard, and OpenVPN tunnel. You will see the speed difference. Given the use case here TCP or TCP wouldn't be a problem. However, due to the performance problem, I have stopped using OpenVPN everywhere. Also OpenVPN is harder to configure and needs too many things to be installed. SSH and wireguard are very minimal and built in for the most part.

    https://www.wireguard.com/performance/

    Another solution is to use tinc or zerotier.

  • Definitely don't recommend or even mention OpenVPN for anything anymore, if you want to permanently connect two points you should be using Wireguard and that's about all there is. An SSH tunnel works great for testing and development but I wouldn't ever use one in production anymore when I can whip up a wireguard network and have the two servers securely connected without having to maintain a tunnel.

  • edited January 2021

    @letrocks said:
    OpenVPN is really slow. Try iperf between client and server using SSH, WireGuard, and OpenVPN tunnel...

    I did say "OpenVPN or WireGuard". My point was to avoid TCP-wrapped-in-TCP, at least not for long-lived connections and/or less than perfect connectivity (I use SSH tunnelling all the time for various things, but wouldn't consider it for the OP's requirements).

    Until there is an official Windows client that is declared stable (last I checked it wasn't yet, though many do report using it reliably in production) and available in common off-the-shelf solutions (pfSense doesn't support it yet, for instance, as it isn't mainline in the stable FreeBSD releases until 13 due for release in a couple of months) and common stable Linux releases (it is available in Debian/Stable, but only via backports which may be a limitation depending on local policy), there will still be room for fresh OpenVPN installs.

    I'll not argue against the case that WireGuard is the preferable system by quite a measure if you are not blocked in your choice by any of the above limitations or legacy support requirements. It only hit stable mainstream Linux kernels in March 2020, so I wouldn't expect ubiquity just yet.
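An added example, not part of any post in this thread: a minimal wg-quick configuration pair for the WireGuard option several replies recommend, with the home server dialing out to the VPS over UDP. The 10.8.0.0/24 addresses, port 51820 and all keys and hostnames are constructed placeholders.

```ini
# ---- VPS: /etc/wireguard/wg0.conf ----
[Interface]
Address = 10.8.0.1/24
ListenPort = 51820                 # UDP; the only tunnel port the VPS firewall must allow
PrivateKey = VPS_PRIVATE_KEY_PLACEHOLDER

[Peer]
# Home web server. A /32 here means this key can only ever source 10.8.0.2.
PublicKey = HOME_PUBLIC_KEY_PLACEHOLDER
AllowedIPs = 10.8.0.2/32

# ---- Home web server: /etc/wireguard/wg0.conf ----
[Interface]
Address = 10.8.0.2/24
PrivateKey = HOME_PRIVATE_KEY_PLACEHOLDER
# No ListenPort: the home side sits behind the mobile carrier's NAT and only dials out.

[Peer]
PublicKey = VPS_PUBLIC_KEY_PLACEHOLDER
Endpoint = VPS_PUBLIC_IP_PLACEHOLDER:51820
# Route only the VPS tunnel address through WireGuard, not all home traffic.
AllowedIPs = 10.8.0.1/32
# Keep the NAT mapping open so the VPS can reach the home server at any time.
PersistentKeepalive = 25
```

With this in place the Caddy `reverse_proxy` target on the VPS becomes `10.8.0.2:8000`, and the home web server should listen on the tunnel address rather than on every interface.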