I use afraid.org to keep my dynamic dns pointed at my routers ip. With afraid.org dns you only need a curl statement scheduled on the open~~dns~~wrt router to keep the dynamic ip updated.
Self hosting doesn't mean you should host everything yourself at home, using a VPS you manage (so the data inside it is still yours) is also a viable option for selfhosting. I myself host some services at home and a few others in a VPS.
As for Dyndns, I've used a few providers over the years. DuckDNS is the one I've been using for 5 years or so and it's not failed me once. Pretty happy with it.
Maybe you could have a duckdns pointing to your dynamic IP and your domains / subdomains with a CNAME pointing to the dyndns address?
Since you run already OpenWrt, you can check out https://openwrt.org/docs/guide-user/services/ddns/client
There is a list on this page of compatible services. If you don't want to use one more service (DNS), you can use a domain registrar with an API (like porkbun) and find online tools that work with that.
Be aware of the risks of hosting your websites publicly from home, make sure to run them in very isolated environments. Having your VPS compromised is bad, but having your home network compromised is much worse!
Be aware of the risks of hosting your websites publicly from home, make sure to run them in very isolated environments. Having your VPS compromised is bad, but having your home network compromised is much worse!
Agree - Not something I will throw myself into.
That lists afraid.org as a ddns provider.
They are pretty great, I use them as my domain host.
Yes I use no-ip but have to confirm the domain name every month or so and cant use my own domain on the free tier. (Maybe im just being cheap) - Also I haven't been able to figure out how I would use / get SSL certificates.
Try duckdns, it doesnt nag you every month and it just works
Yes, I have used it in the past and it was annoying...
You can get SSL certs with letsencrypt, but you need to use the http verification method.
Not anymore, it supports txt records now
ddclient paired with a supported provider.
Many DNS providers have an API and are supported by various dynamicDNS clients. I use Cloudflare and the built in client on my Opnsense router.
OpenWRT should have a client too that supports a bunch of services.
VPS with a tunnel between it and home services (Wireguard/Tailscale, etc)in my opinion is Best Way as it isolates your home gateway (no open ports, because you make outbound connections to your VPS), and let VPS handle Identity and Access Management
(Or an equivalent isolating architecture).
Alternatively, Tailscale has a Funnel feature which can route public traffic into your Tailscale network. Though I don't love this approach, it does work for low-volume connections.
+1 for using Tailscale funnel Don't use a lot of resources and easy to setup
I'm using cloudflare as my nameserver and the free API seems to work just fine with ddclient.
There are two options, one is tunneling (e.g. tailscale, cloudfare tunnels, or a VPS either with special software or plain old SSH port forward constant connection). The other option, the most popular answer (I think, influenced by how yoy asked) is Dynamic DNS or DynDNS (e.g. duck, hurricane, freedns, etc.) this second one is like the classic solution.
Script that checks your external IP and updates your DNS provider via API.
Get your own domain, find a free DNS service that provides an API, and it becomes a simple matter of updating a DNS A
record whenever your IP changes.
Here's a starting point: https://community.letsencrypt.org/t/dns-providers-who-easily-integrate-with-lets-encrypt-dns-validation/86438
Don't use a DynamicDNS service, they're usually crap and they make you depend on a domain you don't own.
You can get super cheap VPSs and use them just as a reverse proxy (with access via VPN). I host 11 servers using one single-core VPS as a reverse proxy. All data resides on premises, in house. I pay 10/yr for VPS. It definitely does not defeat the purpose.
From where can you get a VPS for that price?
Check out low end box. I found coupons for racknerd. I have one VPS that's $10/yr, another that's $18/yr. I've had zero downtime in the 18 months I've used them. No complaints from me. YMMV of course.
Yeah maybe I need to consider this.
Free Dyndns services seem to be a bit crap
Why do you say that? https://freedns.afraid.org/ and https://www.duckdns.org are very solid and if you're looking for something more corporate even Cloudflare offers that service for free.
DuckDNS is great... but they have had some pretty major outages recently. No complaints, I know it's an extremely valuable free service but it's worth mentioning.
If you go down the VPS route, a headscale server on a cheap $3.50 VPS would be the way to go. Wouldn't even have to deal with IP addresses at that point, while still being able to self-host all your services, with the cheap VPS being a glorified switch/firewall.
Namecheap domains include a dynamic DNS application for free and it works well. Be aware that it only runs on Windows.
also keep in mind for people not on windows, namecheaps API only functions for business grade, and also is not clearly documented, there is a "dynamic dns setup page" but it isn't up to date. I find myself trying to use openwrt's DDNS pages for it but it still isn't accurate, I am likely going to transfer elsewhere when im closer to the end of my lease. This API restriction also prevents you from easily automating your SSL process using letsencrypt as you are locked down to subdomain based entries instead of wildcard domains.
I think you got enough recommendations for several tunneling solutions.
Apart from that (and free DynDNS) you could also use a regular paid DNS provider. Some of them also offer DynDNS or an API. I think I saw some regular providers in the list of my DynDNS client on my router, next to the super cheap or free ones.
How often does your IP actually change? Mine changes so rarely (during extended power outages, say) that I am able to just update my IP manually when it does.
I even used to run my own authoritative DNS server at home (the one offered by my registrar isn't configurable enough, think SRV and TXT records) - for that, I have a web UI at my registrar to set the IP addresses of the DNS server.
I have dyndns, have since they were 10$ a year, and I've gradually realized that my ISP changes my IP on average less than once a year...
I've used big names like ns1 and Cloudflare for free.
Cloudflare has an api for easy dynamic dns. I use oznu/docker-cloudflare-ddns to manage this, it's super easy:
docker run \
-e API_KEY=xxxxxxx \
-e ZONE=example.com \
-e SUBDOMAIN=subdomain \
oznu/cloudflare-ddns
Then I just make a CNAME for each of my public facing services to point to 'subdomain.example.com' and use a reverse proxy to get incoming traffic to the right service.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:
Fewer Letters | More Letters |
---|---|
DNS | Domain Name Service/System |
HTTP | Hypertext Transfer Protocol, the Web |
HTTPS | HTTP over SSL |
IP | Internet Protocol |
SSH | Secure Shell for remote terminal access |
SSL | Secure Sockets Layer, for transparent encryption |
TLS | Transport Layer Security, supersedes SSL |
VPN | Virtual Private Network |
VPS | Virtual Private Server (opposed to shared hosting) |
nginx | Popular HTTP server |
9 acronyms in this thread; the most compressed thread commented on today has 8 acronyms.
[Thread #891 for this sub, first seen 27th Jul 2024, 19:35] [FAQ] [Full list] [Contact] [Source code]
Wow thanks everyone. I think I need to take another look at some of the DynDNS provides and digest all your great feedback.
Id like to go beyond personal self hosting stuff and maybe run some stuff that requires Federation. Im just thinking at the moment.
FreeDNS works pretty well as long as you don't need more than 5 DNS records.
Other free services I had good experiences with:
Many registrars let you buy a domain and set up dynamic DNS for it within their system so you can own a domain and get dyndns on it.
Otherwise you could accomplish it with a VPS but you'd only need the smallest one available because it would just need to run nginx to forward to your home ip (and a small tool to update that IP when it changes). So you could probably get something for less than $5/mo.
You can pay for dyndns service which should be more reliable than free ones. I don't have any experience with those, so I can't give any recommendations. What I'm running is that I use few of the free ones which are updated either from my router or from a linux VM and I've just pointed few easy to remember CNAME records from my own domain to those dynamic addresses. It's not the best thing in the world, but my dynamic IP tends to be pretty static as it usually changes only when my own hardware is down for a longer period of time (few hours or so, so a longer power outage or a hardware maintenance gone wrong).
I've been using No-IP free plan for years without issues. Inputted the credentials to my routers DDNS client and then basically forgot about it. Free users need to confirm their account once a month via email but that's just one click.
If your domain registrar happens to have an API to update DNS entries, you could implement DDNS yourself by writing a simple automated script to check the external IP (e.g. via ipify.org) and if it's changed from the last check then call the API to update the DNS entries.
Yeah been using No-ip free but I worry that one day I will forget to confirm and ill ge cut-off.
No-IP
Don't recommend that. There are plenty of better alternatives such as https://freedns.afraid.org/ and https://www.duckdns.org/ that aren't run by predatory companies that may pull the plug like DynDNS did.
Sure. I'm not recommending anything, just stating what has worked for me. For simple use cases, I think most of the DDNS services are pretty much the same anyway and it's easy to switch to an another one if one stops working for some reason.
Don't expose your services directly to the internet. Instead rent a VPS and the use Wireguard to bring the traffic back home. In your home network your services should be in there own VLAN and everything should be isolated and sandboxed. Everything has the potential to be compromised so always practice least privilege and defense in depth.
Or just set up your home network and services properly. Ideally with reverse proxies and maybe a proper DMZ.
I use digital ocean as dns host. They have an API, so I check my IP with a script and update if needed.
Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!