Hi everyone

Thanks for all the advice on buying a domain. It's a big week for me. Getting on GrapheneOS, buying a domain, and I also recently started self hosting my contacts and calendar. I love this way of life.

My original plan was to get one of the xyz 1.1111b domains for $1 a year, but most of the feedback I got said just go with Cloudflare. It's a lot more money than I had planned, but all the security features are baked in and I feel that's worth the extra money.

Here are my questions. I use the latest version of TrueNAS Community.

  1. How do I connect my domain to my server apps? I've got a series of apps I'd love to be able to access without Tailscale and solely use the domain.
  2. I have heard the term DNS a million times but don't really understand it. What do I need to know about DNS to keep security up and stay protected?
  3. I’d like to let family access my media server, are there any considerations I need to make?
  4. How can I use one domain to access multiple services on my server? Do I need to pay extra for subdomains?

Thank you for any advice

  • valkyre09@lemmy.world

    Cloudflare tunnels is a great way to expose services on your network to the web.

    You run a program in your server, it makes a tunnel, then you configure it on the website to visit the internal link in your network, eg

    If you’re hosting a web server at home, you could have something like:

    www.mydomain.net > 192.168.1.55:8080

    You can also have cloudflare protect access to that website with email verification, google / Microsoft accounts etc.

    It’s a lot to learn, but it’s very handy once you get the hang of it.

    Here’s a YouTube video on the basics: https://youtu.be/Q5dG8g4-Sx0?is=J7KvNZoyjsEq33fO
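The hostname-to-internal-address mapping in the comment above, written out as a `cloudflared` ingress file. This is an added example, not part of the thread; it assumes a locally managed tunnel (configured from a file instead of the dashboard), and the tunnel ID, credentials path, second hostname and its port are placeholders. Each extra service is one more `hostname` rule under the same domain.

```yaml
# Constructed example of a cloudflared config.yml for a locally managed tunnel.
# <TUNNEL-UUID>, the credentials path, and the "photos" entry are placeholders,
# not values from the thread.
tunnel: <TUNNEL-UUID>
credentials-file: /etc/cloudflared/<TUNNEL-UUID>.json

ingress:
  # Rules are evaluated top to bottom; the first rule that matches is used.
  # This is the mapping from the comment: public hostname -> internal address.
  - hostname: www.mydomain.net
    service: http://192.168.1.55:8080

  # Hypothetical second app on the same server, reached via another subdomain.
  - hostname: photos.mydomain.net
    service: http://192.168.1.55:2283

  # The last rule must be a catch-all with no hostname. Returning 404 here
  # means a hostname routed to the tunnel but not listed above is refused
  # instead of being forwarded to some default internal service.
  - service: http_status:404
```

Running `cloudflared tunnel ingress validate` checks the file, including the catch-all rule, before the tunnel is started.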

    • philanthropicoctopus@thelemmy.clubOP

      Thank you for this tip

      I have just set it up and holy shit it worked straight away! This is so exciting!

      My question, now that my apps are exposed to the internet, aside from having strong passwords is there anything else I should be doing to keep safe?

      I just read no media servers on free tunnels, so I'll have to use nginx for Jellyfin.

      • Svinhufvud@sopuli.xyz

        Using Cloudflare tunnels means that the TLS is terminated at Cloudflare. This means that Cloudflare has the capability to snoop on your traffic, so you have to trust Cloudflare not to do that, especially if your traffic contains sensitive information.

        Also, the ‘no media in free tunnels’ is outdated information as far as I know, so be sure to check up to date information on that.

      • valkyre09@lemmy.world

        Yes, in zero trust > access controls > applications you can specify a web site and then tell it how you want it protected. In its most basic form you can have it email you a login code, but if you link it to either Google or Microsoft you can have users of those services use them, allowing you to SSO straight through.

        You can also specify a wildcard *.mydomain.net and then by default anything that is in your domain will be protected. Means when you’re testing something new you won’t forget to lock it down.

        You're correct about media, I use nginx proxy manager for Emby, but everything else goes through the tunnels.

        As for configuring, the cloudflare LLM bot has been trained on all its documentation so it’s one of the few times a chat bot is genuinely useful.