Get a cheap VPS on DigitalOcean and make a WireGuard tunnel from there to your server. Then you don't need any open ports on your home network.
This is what I do. I have a VPS that handles all the 443 traffic and then proxies it back to my home server on the correct port. I also just serve some things directly from the VPS since I have it already. It also works well to have a second box for things like uptime monitoring.
And one can prototype this for free by using something like localhost.run or ngrok.com
At the firewall level, port forwarding forwards traffic bound for one port to another machine on your network on an arbitrary port, but the UI built on top of it in your router may not include this.
If it's not an option in your Fritzbox, your options are:
- Make the service running on your internal network listen on one of those high-number ports instead.
- Introduce another machine on the network that also performs NAT between your router and your machine
- Try to access the underlying firewall in your router to tweak the rules manually. Some routers have an admin console accessible via telnet or SSH that may allow this.
- Get a new router.
The first and last options on this list are probably the best.
What exactly are you serving? Chances are you can change the listening port.
Yes, that is possible. You can select in the UI that port A forwards to local Host B to Port B.
Yes, you can do it on your server with a simple iptables rule.
I'm a little rusty, but something like this should work.

```
iptables -t nat -A PREROUTING -d [your IP] -p tcp --dport 11500 -j DNAT --to-destination [your IP:443]
```

You can find more information searching for "iptables dnat". What you are saying here is: in the prerouting table (i.e. before we decide what to do with this packet) TCP connections to my IP at port 11500 must be forwarded to my IP at port 443.
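The rule from the comment above, wrapped in input validation and paired with the matching OUTPUT rule for connections opened on the server itself, as an added example that is not part of the thread. The function names, the `add|del` argument and the address 203.0.113.10 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints iptables commands for review; it never runs them.
# e.g. gen_forward_rules add 203.0.113.10 11500 443   (constructed address)

valid_port() {
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    # Reject anything but digits and single dots before splitting on dots.
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# gen_forward_rules add|del SERVER_IPV4 EXTERNAL_PORT SERVICE_PORT
gen_forward_rules() {
    case "$1" in
        add) flag=-A ;;
        del) flag=-D ;;   # same rule specs, so "del" undoes "add"
        *)   flag= ;;
    esac
    ip=$2; ext=$3; svc=$4
    if [ -z "$flag" ] || ! valid_ipv4 "$ip" || ! valid_port "$ext" || ! valid_port "$svc"; then
        echo "usage: gen_forward_rules add|del IPV4 EXT_PORT SERVICE_PORT" >&2
        return 2
    fi
    spec="-d $ip -p tcp --dport $ext -j DNAT --to-destination $ip:$svc"
    # Connections from other hosts (e.g. forwarded by the router) hit PREROUTING.
    echo "iptables -t nat $flag PREROUTING $spec"
    # Connections opened on the server itself skip PREROUTING and use OUTPUT.
    echo "iptables -t nat $flag OUTPUT $spec"
    # The filter INPUT chain runs after this rewrite and sees SERVICE_PORT,
    # so that is the port an existing host firewall has to accept.
}
```

Review the printed commands before running them as root; calling the function with `del` and the same arguments prints the commands that remove the rules again.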
If you are hosting for yourself, you can use something like Tailscale to access your server from outside.
Short answer: yes, you can forward port 11500 to port 443, but it means you’ll have to go to www.yourdomain.com:11500, and this may or may not work great with your applications inside the network depending on how they are set to run.
That's what I thought.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:
Fewer Letters | More Letters |
---|---|
IP | Internet Protocol |
NAT | Network Address Translation |
SSH | Secure Shell for remote terminal access |
VPS | Virtual Private Server (opposed to shared hosting) |
[Thread #949 for this sub, first seen 3rd Sep 2024, 14:45]