I live in a rural aussie (with no fibre options) area with the worlds shittiest internet and especially bad upload. I been self hosting a bunch of things and simply just struggling through the shit connection.

Will be getting starlink to remedy the internet issue but it seems i need a business (priority) plan to get a public ip so i can access my services from the greater internet. This is however more expensive and i would like to avoid the additional cost if possible.

I was thinking i could wireguard proxy from my server at home to a cheap/free vps to bypass the restrictions but i suspect that would mess with how nginx on my home server manages ports etc. Plus i use my own hardware not just for security but also no recurring costs otehr than power so paying for a vps just to proxy seems like a waste.

Also been having dns issues with duckdns vos dynamic ip starlink seems not to support static ips so how should i resolve this issue.

Any advice or reccommendations?

  • gazter@aussie.zone
    link
    fedilink
    arrow-up
    5
    ·
    2 days ago

    There is usually free tier packages available on the big cloud providers. You’ll get pretty limited resources, but you will get a static IP, and the ability to run a tunnel. There will be a couple extra steps, but nothing major. You’ll likely have the ability to run a couple services from there as well- maybe something to kick-start your home server if it falls over for whatever reason, or even your URL shortener.

  • Txmyx
    link
    fedilink
    arrow-up
    1
    ·
    1 day ago

    I just use ipv6. And a simple docker container that updates my dns records. For applications that should not be exposed I use tailscale

  • leverage@lemdro.id
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    1
    ·
    1 day ago

    Just use a dynamic dns service and expose the stuff you need to access publicly, publicly. If you want to be extra careful, or secure services that otherwise have no security, your reverse proxy should be able to forward auth, which forces people to login before the request is handled. This gives you a single point of security failure again, which I’m not seeing as any different from whatever you’re thinking about with wireguard and a vps. You can also selectively configure which services use forward auth, which are fully public, and which aren’t accessible outside of LAN addresses. This would give you the option to use something like Tailscale for your private stuff when away from home without having to use the forward auth.

    • poVoq@slrpnk.netM
      link
      fedilink
      arrow-up
      5
      ·
      1 day ago

      Starlink uses CGNAT, so that is not possible since the public IP is shared between multiple subscribers.

      • leverage@lemdro.id
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 day ago

        Ah, wasn’t aware of that, makes more sense now. Seems like OP needs to pipe everything through someone else’s server, or fork over for the static IP, until IPv6 is finally universally functioning. I’ve seen good things about Cloudflare, at least as long as they aren’t doing multimedia.

          • leverage@lemdro.id
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 day ago

            Not sure if it’s actually feasible today, but in the future when all the Internet routing and consumer devices are compliant, something something ipv6 has enough address space for every device many times over to have a unique address. I’m guessing there’s still too many links in the chain that won’t be setup for ipv6 to work, but it’s worth your research.

            Probably more realistic to work out the complication you’re concerned about with reverse proxy and a VPS + VPN.