Self-Hosting On University Campus

I just bought a Raspberry Pi and plan to self-host my own file server (Seafile) + other services as I gain more experience with self-hosting. I just have one issue: I don’t own my network and I can’t enable port forwarding as I’m on a university campus.

My only options to get around this are

  • Pay for a VPS and make an outbound connection to the VPS (more private, kinda expensive for me)
  • Use Cloudflare Tunnels (less private, free tier)

Are there any other options I’m missing?

I don’t want my university to see my services and would prefer that Cloudflare didn’t either although they aren’t necessarily a threat. One day, I would like to host a Tor node (not on my university network as that is obviously prohibited) and Cloudflare is not the best choice for that.

Can you just use a USB tether with your smartphone? Since you are willing to spend anyway, maybe just have a 5G/LTE modem with your device so that you will skip campus nosy security.

GL.iNet sells an LTE modem router and it is based on OpenWRT.

You can connect your server and phone via Tailscale. No need to involve your school with your self-hosting venture.

Sounds like Tailscale (or something like it) might be useful.

3 Likes

I like the modem idea but it is way more expensive than the VPS. A VPS would be ~$5/month. A USB tether is too unreliable for my case.

1 Like

I’ll try the Tailscale option and see how it goes once my Pi delivers.

What if your campus blocks VPS access as well? You should probably check to confirm first?

Not sure how the rules are at a/your campus in general, but to avoid any kind of legal issues I would probably host things on a VPS or at your friends’/parents’ place then access it via a VPN from there.

Not saying that you will be torrenting like a madman but there might be some “not so clever” and hard to find book that tells you that you are not allowed to do X or Y (for whatever the reason).
That way, you opt out from any kind of potential waste of time/drama if it ever comes in the future. 👍

I would go with a ZTN provider like Netbird, Twingate or even Tailscale.
Also, in addition, you might wanna speak with the IT department/IT person on your campus.

1 Like

This may be a bit extreme for your situation, but you could set up an onion service. You don’t need to purchase a domain or configure port forwarding.

1 Like

Outbound connection to a VPS with a fixed IP (with services running on your own hardware) is the answer here. Beware that Raspberry Pis aren’t really ideal if you need “high availability.” In fact, for the same money I would prefer a more capable used thin client like a ThinkCentre micro, also to avoid ARM headaches. Make sure the VPS provider does not filter the SMTP port if you plan on hosting email, however (this is not a given).

1 Like
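
A sketch of the outbound-to-VPS setup recommended in the post above, using WireGuard as one way to build it (an added example, not part of the original thread). The choice of WireGuard, the 10.8.0.0/24 tunnel addresses, UDP port 51820 and the bracketed key and IP placeholders are all assumptions.

```ini
# ---- /etc/wireguard/wg0.conf on the VPS (fixed public IP) ----
[Interface]
Address = 10.8.0.1/24
# UDP port the VPS listens on (assumed value)
ListenPort = 51820
# Placeholder: generate a real key with `wg genkey`
PrivateKey = <VPS_PRIVATE_KEY>

[Peer]
# The home server. There is no Endpoint line here: the VPS never dials in,
# it only answers the tunnel that the Pi opens from behind the campus firewall.
PublicKey = <PI_PUBLIC_KEY>
# Accept only the Pi's single tunnel address from this peer
AllowedIPs = 10.8.0.2/32

# ---- /etc/wireguard/wg0.conf on the Raspberry Pi ----
[Interface]
Address = 10.8.0.2/24
PrivateKey = <PI_PRIVATE_KEY>

[Peer]
PublicKey = <VPS_PUBLIC_KEY>
# The Pi initiates the connection outbound, so no port forwarding is needed
Endpoint = <VPS_PUBLIC_IP>:51820
# Route only tunnel traffic to the VPS, not all of the Pi's traffic
AllowedIPs = 10.8.0.1/32
# Send a keepalive every 25 s so the NAT/firewall mapping stays open
# and the VPS can reach the Pi at any time
PersistentKeepalive = 25
```

A reverse proxy on the VPS can then forward public requests to 10.8.0.2, so nothing has to listen on a campus-facing port. If the campus network blocks outbound UDP to the VPS, this tunnel will not come up, which is the check suggested earlier in the thread.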

Tailscale and/or dynamic DNS should be enough. You don’t even need to buy a domain name; there are plenty of free DDNS providers out there like dedyn.io, from the same people behind desec.io. You get to choose subdomain.dedyn.io, and individual services/containers could be further assigned svcname1.subdomain.dedyn.io, svcname2.subdomain.dedyn.io, etc. as needed.

> Outbound connection to a VPS with a fixed IP (with services running on your own hardware) is the answer here.

There are multiple answers and while this might work, depending on the campus network it might not work.

> Tailscale and/or dynamic dns should be enough.

A DDNS is only useful if he is able to allow a port through the firewall, which obviously he is not.

Hence the and/or part, with Tailscale. Eventually those internal services will be too many to remember by naked internalip:port, and the DDNS will be handy. Technically it’s still doable without DDNS by hosting an internal-only .test domain with local self-signed ACME, but the self-signed cert will be annoying: you’ve got to add it to each system’s/browser’s trusted certs, or else you get the browser red warning. Even Tailscale internal certs aren’t browser-trusted by default. With DDNS you can just request a valid, automatically browser-trusted Let’s Encrypt or ZeroSSL free cert, with no browser red warning anywhere.

Edit: I just remembered localcert.net, the free service that exists exactly to tackle the problem of browser-trusted certs for internal services.

3 Likes

Thank you. I already purchased the VPS and now I just need to do some testing. If this doesn’t work I guess I’m going to use Tailscale.

You don’t need to, but if you are serious about self-hosting, you should buy one ASAP. For one, dynamic DNS services do not give you full control of DNS records. For things such as email, that’s a non-starter.

Update: I didn’t need Tailscale or a VPS. My university allows me to expose my device via a subdomain like .student.myuniversity.edu

Now I have a new issue: I don’t want to be visiting a university domain. Is it possible to use my own domain to point to the uni’s domain? I know I could use a CNAME record but that would just redirect me to the uni domain. I want to visit mydomain.com and stay on mydomain.com while accessing the application on the uni’s domain.

I’m no expert when it comes to self hosting stuff, but check out Cloudflare Tunnels.

I’ve got one of those free domains, linked it with my Cloudflare account and it works fine. It’s genuinely amazing the things that you can do with Cloudflare’s free plan: you don’t need to worry about certificates to get SSL, you can also set up an authentication window (similar to Authelia but way more basic), an email forwarding service with your own domain, amongst other stuff.
I set all this up yesterday with one of those free Oracle Cloud VPS instances and it’s working great for me.

There’s plenty of videos on YouTube about this which will probably explain this a lot better than I can lol