Greetings,
my current ISP refuses to provide me a static IP and they also blocks incoming connection to my ipv6 so I can’t host services on just ipv6 too. I will be changing my ISP when the plan expires.
without public IP I can host my own IRC bouncer but I would like to know what else can I self host? Thanks in advance!
You must log in or register to comment.
nearly everything, you don’t need a static ip to selfhost, look up DDNS :>
You also could just do lan
You could, but for many of us, the point of having access to our services is to have access from anywhere :-)
Yup, everything in my setup is primarily used in my house. The only reason anything is publicly accessible is so I can show it off occasionally.
Basically everything. Self hosting doesn’t rely on public access.
You can self host anything like this, all you need is buying a domain and set something up like DynDNS which updates the entry of the domain with your new IPv4 as soon as it changes.
I would recommend to not open your services to public, but set up a wireguard (or other VPN) endpoint in your home, which you then use to access all your services.
I think, an alternative to that would be some servicees from tailscale or cloudflare, I suppose
Self host all your stuff and use tailscale if you just want to provide private services to yourself
Put everything behind Tailscale or another VPN and use it that way from outside devices. There should be very little need to have a public IP, and if there’s something that has to be exposed, use ngrok, cloudflared or Tailscale Funnel.
I just use a DDNS updater. That’s honestly good enough for most purposes.
Alternatively, you could use a service like Zerotier, Tailscale or Netbird to create a virtual private LAN connection to a free Oracle VPS, then route the traffic from the VPN to your home network.
Rent a VPN, setup a wire guard tunnel and fuck your ISP!
Anyway having a real public IP on a residential block is basically impossible anywhere but in the USA, I guess.
CGNAT blows, but easy to workaround w/ a $5/mo VPS.
Public IPV4 here. It’s not static, but very rarely rotates. DDNS ftw.
Telus Residential in Canada.
Straya. I have a static ip. Costs like 5$ a month
North America?
straya = australia
Thanks, I was thinking of the fitness app
That’s strava
Ah, yes. That’s the one.
Tailscale or Cloudflare will solve your problems.
Literally anything you want. You don’t need a static IP, any dynamic IP with a software updater will work. For example, I have some public sites proxied through Cloudflare, and I use the DDNS updater for Docker that keeps my DNS correct.
The ISP is blocking his ports too, it seems.
That’s an odd thing to see these days. I didn’t know ISPs still did that. I bet they offer a more expensive tier for businesses is why.
In my country no ISP will offer you a real IP address anymore. Not on IPv4 at least. So doesn’t matter if your ports are blocked or not, you are CG-NATted in any case.
Should check which ports.
Mine blocks 80 inbound and 25 outbound, but everything else I’ve tried works. (so no default http, and no outbound email)
I only really want 443 for simplicity, everything else can be random ports.
As someone in a similar situation I’d recommend using a free tier oracle vps with a wireguard tunnel to connect to you services. Effectively just using the vps as a proxy for your own network. Here’s a guide that should work for your purposes https://github.com/mochman/Bypass_CGNAT
Oracle deletes servers with no warning and for no reason. I wouldn’t use them
The best way would be to use a VPS to proxy your traffic to you. You can achieve this for pretty cheap, just set up an wireguard tunnel to a cheap VPS. That’s exactly how I access all my services from outside my home. As long as the VPS has a publicly accessible IP (most of them do), you being behind CGNAT should not be an issue.
This is the way OP
I mean you can host anything. It’s just not reachable from the outside. And Fediverse or anything that gets data pushed in, won’t work. The common method to handle all of this is to use some tunnelling solution.
You can use Tailscale, you can access your personal services with it but also expose public services with their Funnels system.
Keep in mind that while the clients are open source, their servers are running proprietary software.
I started using headscale (the opensource reimplementation of tailscale server) on a private vps. It is incredibly better compared to plain wireguard. I regret waiting so much before switching.
Something that really made my life easier: wireguard is poor at roaming: switching to and from my wifi created issues because the server wasn’t reachable anymore from its public ip and wireguard didn’t bother to query the DNS again to check the new IP. Also, configuration is dead simple because it takes care of iptables for you (especially good when you enables forwarding to a node).
Since the server just sends small messages for the control plane and all the traffic is p2p between the devices, the smallest vps with the smaller connectivity is more than enough to handle it.
If this is just for personal use, I’d see if you can put their router in modem mode and go get a better router, then I’d just use tail-scale or WireGuard.
tailscale is looking good I might try that
It’s amazing additionally you can run Mullvad through it that might solve your public IP issues but I only run my services for me and my house
my current ISP refuses to provide me a static IP
So then use dynamic dns? HurricaneElectric offers DynDNS now and it’s great. You can update it right over
curlif you want. I have it mapped to a cli function;~\downloads ❯ ddns HTTP/1.1 200 OK Cache-Control: no-cache, must-revalidate Content-Length: 18 Content-Type: text/html Date: Tue, 25 Feb 2025 09:24:18 GMT Email: DNS Administrator <[email protected]> Expires: Wed, 25 Feb 2026 09:24:18 GMT Server: dns.he.net v0.0.1 nochg {ip}It’s not only not static It’s firewalled too! I can’t ping it from outside the network
Did you configure NAT to the service(s) and/or DMZ to your internal server in your ISP’s router?
Not allowing even ping seems like it is against any sane networking configuration.
Oh, damn. Not much you can do then. You may be eventually be able to get something outrageously complicated to work, but honestly it’s just plain not worth it. Just get a cheap VPS.
Best you could do is a forward server with tailscale and a reverse_proxy, but I’ve never had any real luck getting that type of setup to work reliably.
You don’t want to expose services to the internet
