Comment on Starlink with self hosted?
leverage@lemdro.id 3 weeks ago
Just use a dynamic dns service and expose the stuff you need to access publicly, publicly. If you want to be extra careful, or secure services that otherwise have no security, your reverse proxy should be able to forward auth, which forces people to login before the request is handled. This gives you a single point of security failure again, which I’m not seeing as any different from whatever you’re thinking about with wireguard and a vps. You can also selectively configure which services use forward auth, which are fully public, and which aren’t accessible outside of LAN addresses. This would give you the option to use something like Tailscale for your private stuff when away from home without having to use the forward auth.
poVoq@slrpnk.net 3 weeks ago
Starlink uses CGNAT, so that is not possible since the public IP is shared between multiple subscribers.
leverage@lemdro.id 3 weeks ago
Ah, wasn’t aware of that, makes more sense now. Seems like OP needs to pipe everything through someone else’s server, or fork over for the static IP, until IPv6 is finally universally functioning. I’ve seen good things about Cloudflare, at least as long as they aren’t doing multimedia.
muntedcrocodile@lemm.ee 3 weeks ago
I think starlink has ipv6 so can i use that to fix my issues? I assume i would drop ipv4 support but fuck it.
leverage@lemdro.id 3 weeks ago
Not sure if it’s actually feasible today, but in the future when all the Internet routing and consumer devices are compliant, something something ipv6 has enough address space for every device many times over to have a unique address. I’m guessing there’s still too many links in the chain that won’t be setup for ipv6 to work, but it’s worth your research.
Probably more realistic to work out the complication you’re concerned about with reverse proxy and a VPS + VPN.