I’ve seen a lot of people saying things that amount to “those tech nerds need to understand that nobody wants to use the command line!”, but I don’t actually think that’s the hardest part of self-hosting today. I mean, even with a really slick GUI like ASUSTOR NASes provide, getting a reliable, non-NATed connection, with an SSL certificate, some kind of basic DDOS protection, backups, and working outgoing email (ugh), is a huge pain in the ass.

Am I wrong? Would a Sandstorm-like GUI for deploying Docker images solve all of our problems? What can we do to reshape the network such that people can more easily run their own stuff?

  • YuzuDrink@beehaw.org
    link
    fedilink
    English
    arrow-up
    4
    ·
    2 years ago

    I’ve been working on getting Matrix Synapse running on my NAS, and the CLI hasn’t been my problem. I’m a programmer, and CLI doesn’t scare me; but the other issues you mention are all new to me, and getting a web service set up so people outside my local network can access it but without leaving me open to bad actors is wicked stressful.

    The biggest problems end up being that I need to work with the soup of technologies, and there’s no one place to do all the things. I’ve got TWO routers (because my internet comes through one, and I run my LAN and wifi off one I trust better) which means I’m double-NATed, which is apparently the root of all evil; I can use Cloudflare to tunnel to my NAS, but I can’t accept simple (CNAME) redirects from a family member’s domain to one of my subdomains without paying Cloudflare $200/month, so that means I’m back to dealing with the double-NAT, and then I have to learn setting up TLS, which sounds like it’s simple, but still it’s jimmy way another thing to screw around with and another thing I could screw up on accident.

    I could pay for a VPS, but that to me defeats a lot of the point of “host your own” federation when some company could be subpoenaed for copies of all their hosted accounts or something. (Yes, I could get subpoenaed for my data just as easily, but it takes more work to subpoena a thousand people than one company for a thousand people’s accounts.)

    Anyway, I’d love to see things evolve to where it’s easy for newbies to host their own private instances of everything.

    Personally, I’d love a drop-in tool that runs more like a temporary server while it’s running, syncing federated data you missed while your device was off; and only serving your data when it’s on. Likely with some kind of redirect service/NAT punchthrough so other clients can find you…

    …but I think we’re a long way off from being able to do that.

    • mtset@beehaw.orgOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      2 years ago

      Wow, yeah, that sounds like a really frustrating situation. I wish you all the luck in figuring it out.

      • YuzuDrink@beehaw.org
        link
        fedilink
        English
        arrow-up
        1
        ·
        2 years ago

        I got it working! I’m fortunately, I know a kindly professional who took pity on me and showed me the secrets of Cloudflare free-tier, and we did work something out.

        I have had to learn SO MUCH in just the last week, though, it’s crazy intense!

    • foonex@feddit.de
      link
      fedilink
      English
      arrow-up
      2
      ·
      2 years ago

      You could get a VPS only for getting around the double NAT.

      Run a reverse proxy on the VPS and forward requests over WireGuard to your NAS. That way you wouldn‘t actually host any data on the VPS.

      • YuzuDrink@beehaw.org
        link
        fedilink
        English
        arrow-up
        1
        ·
        2 years ago

        This is an idea I didn’t know about! I’ll have to look more into it. If you feel like it, I’d love to hear a bit more detail; but also I know how to use DuckDuckGo, so no pressure!

        • foonex@feddit.de
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          2 years ago

          I don‘t know what specifically you would like to know and what your background is, so I will just elaborate a bit more.

          The basic idea is that the VPS, which is not behind a NAT and has a static IP, listens on a port for WireGuard connections. You connect from the NAS to the VPS. On the NAS you configure the WireGuard connection with “PersistentKeepalive = 25”. That makes the NAS send keepalive packets every 25 seconds which should be enough to keep the connection alive, meaning that it keeps a port open in the firewall and keeps the NAT mapping alive. You now have a reliable tunnel between your VPS and your NAS even if your IP address changes at home.

          If you can get a second (public) IP address from your provider you could even give your NAS that IP address on its WireGuard interface. Then, your VPS can just route IP packets to the NAS over WireGuard. No reverse proxy needed. You should get IPv6 addresses for free. In fact, your VPS should already have at least a /64 IPv6 network for itself. For an IPv4 address you will have to pay extra. You need the reverse proxy only if you can‘t give a public IP address to your NAS.

          Edit: If you have any specific questions, feel free to ask.

    • hassanmckusick@lemmy.discothe.quest
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      2 years ago

      Tailscale funnel

      Tailscale is a fork of WireGuard. Tailscale has a cool feature called funnel that connects a node on your vpn to a domain at .ts.net