I’ve been setting up a music server on my home server recently, looking to move away from private hosting options like iBroadcast, but I’ve hit a bit of a snag when it comes to actually accessing my server when away from home.

The two most common recommendations I’ve seen are Cloudflare and OpenVPN. My router supports OVPN access, so I gave that a try, but couldn’t ever actually make it work. I don’t know for sure, but I think it’s probably something with my ISP that I can’t really easily work around. As far as Cloudflare goes, setting up a tunnel requires you to have a domain set up with them even if you’re just using Warp, and since I don’t have one, that’s not an option.

What other good options are there for remote access? I’m running OpenMediaVault as my server. Thanks.

Edit: Based on responses, it looks like Tailscale is the way to go since it’s all private to me. Thanks everyone!

  • e8d79@discuss.tchncs.de
    3 days ago

    I use a WireGuard tunnel that connects to a cheap VPS and then configured a Caddy reverse proxy on that VPS that makes my services available on the internet.

    • Krtek@feddit.org
      2 days ago

      Question, do you also use the same domains for the local network as the remote connections? And if yes, are you just accepting the round trip to the VPS or do you have a shortcut to stay in the local network? Because, while I have an otherwise identical setup, I put Caddy on the local server, so that I can eventually use local DNS to point to the local address.

      • 123@programming.dev
        13 hours ago

        There’s something called NAT reflection that does a local lookup if the request originated in the internal network and avoids going via the external route. Some software for routers like OPNsense and/or pfSense support it (but I wouldn’t be surprised if DD-WRT, Tomato, etc. supported it as well (it’s been a while since I used them)).

        It might work better if your DNS provider supports API-based challenges vs. traditional ACME challenges that might require you to still expose your IP/challenge ports with public DNS to get your certificates.

        All my internal DNS has the option of SSL certs while my IP is not on any public DNS and it routes to the internal IPs with the above. Not sure how that would work with WireGuard or Tailscale/Headscale, but I’m assuming they probably could complement nicely.

      • e8d79@discuss.tchncs.de
        1 day ago

        No, I use a second reverse proxy for my local network. For example, I can resolve navidrome either via my VPS using navidrome.mydomain.net or directly in my local network with the address navidrome.local.mydomain.net. I also configured the local Caddy reverse proxy with a DNS provider module to get Let’s Encrypt certificates for my local addresses.

    • fizzle@quokk.au
      2 days ago

      Yeah, I’ve been using WireGuard for a long time myself personally, and more recently for a small team to access an intranet.

      I’m a big fan. After a half hour or so trying to understand configs it’s pretty manageable.
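
A sketch of the WireGuard-to-VPS setup with a Caddy reverse proxy described in the first reply, added here as an example and not taken from any commenter's actual configuration. The tunnel subnet 10.8.0.0/24, the file paths, the angle-bracket placeholders and the Navidrome port are assumptions; navidrome.mydomain.net is the hostname used in the thread.

```conf
# --- VPS: /etc/wireguard/wg0.conf (the only host with a public IP) ---
[Interface]
Address    = 10.8.0.1/24            # assumed tunnel subnet
ListenPort = 51820                  # UDP; allow this plus TCP 80/443 on the VPS firewall
PrivateKey = <VPS_PRIVATE_KEY>      # placeholder, generated with `wg genkey`

[Peer]
PublicKey  = <HOME_PUBLIC_KEY>      # placeholder
AllowedIPs = 10.8.0.2/32            # accept only the home server's tunnel address

# --- Home server: /etc/wireguard/wg0.conf (no inbound port forward on the home router) ---
[Interface]
Address    = 10.8.0.2/24
PrivateKey = <HOME_PRIVATE_KEY>     # placeholder

[Peer]
PublicKey  = <VPS_PUBLIC_KEY>       # placeholder
Endpoint   = <VPS_PUBLIC_IP>:51820  # placeholder
AllowedIPs = 10.8.0.1/32            # route only traffic for the VPS through the tunnel
PersistentKeepalive = 25            # home side dials out and keeps the NAT mapping open

# --- VPS: /etc/caddy/Caddyfile ---
# Public DNS for this name points at the VPS, so Caddy can obtain the
# certificate there and forward requests over the tunnel.
navidrome.mydomain.net {
    reverse_proxy 10.8.0.2:4533     # assumed: Navidrome on its default port 4533
}
```

With this layout the service is reachable by anyone who can reach the VPS, so the application's own login is the access control; on the home server, a firewall rule that accepts port 4533 on wg0 only from 10.8.0.1 keeps the tunnel from exposing anything else.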