this post was submitted on 01 Sep 2025
85 points (89.7% liked)

Selfhosted

60542 readers
1473 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details. Tags [CBH] or [AIP] are required, see the link in Rule 8 for details.

  8. AI-related discussions and AI-involved promotional posts have additional requirements for tagging, as noted in Rule 7 and the AI & Promotional Post Expanded Rules post. )

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
85
How to selfhost with a VPN (95.181.238.34:40152)
submitted 10 months ago* (last edited 10 months ago) by humanoidchaos@lemmy.cif.su to c/selfhosted@lemmy.world
 

These are some quick n' dirty instructions so people can get up and running fast.

I wish I had known this was possible sooner.

Instructions:

Check that your VPN supports port forwarding and you have it enabled.

Grab your VPN's internal IP with ip a

Find the interface for your VPN. For me it's called tun0.

Open up /etc/nginx/nginx.conf

You can back it up, or comment everything out, or pick what's necessary. Here's what my file looks like.

	worker_processes  1;
	include modules.d/*.conf;

	events {
		worker_connections  1024;
	}
	http {
		server {
			listen [VPN INTERNAL IP]:[VPN FORWARDED PORT];
			server_name  localhost;
			location / {
				root '[ABSOLUTE PATH TO YOUR WEBSITE ROOT FOLDER]';
				index index.html; # Relative to your website root.
			}
		}
	}

Make sure your permissions are correct. For me, the 'other' group needs read permissions to the root folder, including where it's mounted.

Start nginx with systemctl start nginx

You can visit your website on your host machine in a browser at [VPN INTERNAL IP]:[VPN FORWADED PORT]. For me, using the internal IP is required to view the website on my host machine.

To view the website on other machines, you can use [VPN EXTERNAL IP]:[VPN FORWARDED PORT]. The only thing you need to change is the IP address.

I hope this works for you and you are inspired to selfhost and take back power from those who stole it from us.

you are viewing a single comment's thread
view the rest of the comments
[–] EncryptKeeper@lemmy.world 19 points 10 months ago* (last edited 10 months ago) (3 children)

There’s no security risk viewing this bit of html via http lmao

[–] possiblylinux127@lemmy.zip 5 points 10 months ago* (last edited 10 months ago) (1 children)

How so?

Data send back isn't validated so someone could tamper with the data. A bad actor could add some arbittary Javascript plus ISPs have been caught inserting marketing materials into pages.

From a privacy perspective it is also bad as not only does it include your user agent in plain text it doesn't have any encryption on page contents which allows your ISP to snoop on what you are doing.

All of these reasons are while we moved to https. X.509 certs are free and trivial to setup with Caddy or any other Reverse proxy/web server. If https was crazy had to setup I'd be more understanding but it is very easy to do in 2025.

[–] null_dot@lemmy.dbzer0.com 3 points 10 months ago (1 children)

Do you really think someone is going to set up a MITM attack for the dozen people who visit this blog?

[–] possiblylinux127@lemmy.zip 4 points 10 months ago (1 children)

No, but governments and ISPs can and have historically done so for all http traffic.

It doesn't matter the page. They just care about http.

[–] missfrizzle@discuss.tchncs.de 7 points 10 months ago* (last edited 10 months ago) (1 children)

specifically this is how QUANTUMINSERT worked (from the Snowden leaks.) also China used the same technique, injecting malicious JS through the GFW to get bystanders to DDoS github, in a much more obvious and indiscriminate way.

nobody here is remotely likely to be targeted by NSA, of course, but you can actually do such attacks on a budget if you compromise any router in the chain. combined with a BGP hijack it's not far out of reach for even a ransomware gang to pull something like that these days.

[–] possiblylinux127@lemmy.zip 2 points 10 months ago

To add to this, a whole lot of places have been compromised in the salt typhoon attacks. China has compromised infrastructure all over the place including ISP hardware.

[–] jafra@slrpnk.net -2 points 10 months ago (1 children)

Maybe there is, maybe it's only little. Maybe people browsing should be more aware of where they click on. Either way, this method shouldn't be used for any sensitive information least a personal cloud. Would be suicidal I guess.

[–] EncryptKeeper@lemmy.world 6 points 10 months ago

Luckily this website contains no sensitive information and is not a personal cloud.

[–] surewhynotlem@lemmy.world -3 points 10 months ago (1 children)

I'll bite.

The risk is training people in bad behaviors, and then having those people do stupid things like type in a password.

[–] EncryptKeeper@lemmy.world 10 points 10 months ago (1 children)

There’s no password entry on this site, and what people do on other websites is not OPs responsibility.

[–] surewhynotlem@lemmy.world -2 points 10 months ago (1 children)

Oh yes. Pushing personal responsibility to the end user has always been a very effective security strategy.

[–] EncryptKeeper@lemmy.world 5 points 10 months ago* (last edited 10 months ago) (1 children)

Lmao as the operator of a website your personal responsibility ends with your website. It is not OPs responsibility to protect other websites he does not operate, nor is it to take on the end user’s responsibility, or education. Don’t be silly.

[–] surewhynotlem@lemmy.world -1 points 10 months ago (1 children)

Of course it does. You're only ever responsible for yourself.

And that mentality does not lead to good things.

[–] EncryptKeeper@lemmy.world 1 points 10 months ago* (last edited 10 months ago) (1 children)

Of course it does, could you imagine the alternative? Imagine spontaneously taking responsibility for the safety of the entire internet. That would be just nuts.

I can heartily recommend taking responsibility for yourself, and not trying to foist it on others. Especially some dude with a rinky dink little personal blog.

[–] surewhynotlem@lemmy.world 0 points 10 months ago (1 children)

This is a definition problem I think. I don't use the word "responsible" to mean sole ownership. For example. We are all responsible for the cleanliness of our roads. It is a shared responsibility that we all participate in.

And, I think, we are all responsible for modeling good behaviors for people to emulate.

[–] EncryptKeeper@lemmy.world 2 points 10 months ago* (last edited 10 months ago)

I don’t think we’re individually responsible for anything anybody else does unless you influenced somebody intentionally into doing it.

If you want to model your idea of good behavior then you set up your sites with https. That does not mean OP is obligated to do the same. Not for a static HTML page with a couple paragraphs of text on it.