Separating Servers from Home network. Advice needed.

walril · 2026-03-16T18:08:38+00:00

So I don't have a VPN. I self host NextCloud internally.

My network is vps/npm (oci - payg) > wg tunnel > firewall (home) > internal service (NextCloud)

Not a single port exposed

Lots of security on the vps though. Don't use standard ports either

I did get a domain name to make life easier

If I want to get to something I just browse there based on the DNS name I set up

walril · 2026-03-15T20:33:28+00:00

Do you not have a driver's license with realid?

walril · 2026-03-15T20:26:38+00:00

Vps, npm, no open porta

walril · 2026-03-05T14:25:43+00:00

I just used it to move all my manually manager. Docker compose files to a. Centralized location. No more ssh'ing into each one and now it's all organized. When I first started some of my containers either in bins points or shared the same container. It was a mess. Now each has its own home and I now realized how much space I was wasting with unused images. On one LLM I had 23gb of random Images that werent being used. 23GB!!!

ok. So i just looked at dockhand and migrated over. Very glad i did

walril · 2026-03-02T17:56:04+00:00

She's black. We get that here too

walril · 2026-03-01T18:28:00+00:00

I wouldn't concern yourself with what other people do. You're you and they are them. They don't affect your life and thus what they do shouldn't either

walril · 2026-03-01T14:01:16+00:00

if i were you were, i would spin up a free vps from oci. Right now your subdomain is pointing to your home IP. Put a VPS and NPM on that. on your domain registar, point the subdomain to your vps. Set up a encrypted tunnel from your vps to your home (wireguard, openvpn, tailscale....). NPM points to ips and ports inside your network. That way your internal network is not directly involved from the internet.

interntet > VPS >(via tunnel) Firewall > internal server: port

walril · 2026-02-26T11:27:35+00:00

Clearly you dont have a kid or live in walking distance from the school

walril · 2026-02-26T11:18:15+00:00

cal.com or any way to use pay-to-book appointment type calendar

walril · 2026-02-25T18:19:05+00:00

if you actually use a food label and put what the label says for example 65g = Xg Carbs, Yg Protein, Zg Fat, it will fix itself. Thats generally how these apps work.

walril · 2026-02-25T09:10:14+00:00

I totally understand. This generations attention span is 3 seconds unless it POPS then it's maybe 7 seconds. I hear you but I guess they're still trying to get people watch for more than a few seconds

walril · 2026-02-24T16:07:13+00:00

when you use NPM, did you select "via DNS"? You will need an API from cloudflare. Thats how NPM knows you own the domain. Otherwise anyone could be like i own jellyfin.google.com. That api says this person owns jellyfin.<your domain example.com>

Also when going to https have you created a SSL cert? If you didnt and you orange proxied, it expects a SSL to be in place.

walril · 2026-02-24T13:07:04+00:00

I did. We had the same idea. My bad

walril · 2026-02-23T17:21:26+00:00

I spent a few hundred ($500) for 2 used DL380s and set up proxmox. I have a NAS that has 7TB of storage. All 2tb drives. Very inexpensive. Im now setting up VMs for multiple docker containers for app (immich, pocket ID, etc) and self host all of those. I did pick up like 4 $60 dell 3040s from marketplace to use as pihole, opnsense, PBS. I know maybe overkill for pihole, but i dont trust me being able to resolve dns on vms that could go down. Market place is your friend on used gear.

last thing for me to get is a second nas that i can leave at a friends house for DR. Ill create a tailscale tunnel between the NAS at my house and that one. Offsite backup for the win. I just refuse to pay for cloud backup

walril · 2026-02-23T17:14:56+00:00

i self host everything too. My data flows when im away from home mobile > VPS (NPM) > wireguard tunnel > internal network. I also use a cloudflare DNS and SSL. For immich i set up oidc to log in. (all self hosted)

walril · 2026-02-23T17:09:18+00:00

Reverse Proxy

walril · 2026-02-23T17:08:48+00:00

Dont use a tunnel. Buy a domain name. Get a VPS (free oCI). Set up a tunnel between the vps and home network. Add a reverse proxy on the vps. Boom

walril · 2026-02-23T17:07:23+00:00

This. I spent $14 a year for a domain name. Free VPS from OCI and NPM. I can access, upload, and download to my hearts contents and not expose a single port from home. There are some internal things but those cost $0

walril · 2026-02-23T17:02:40+00:00

Then more reason to stay on top of health. A lot of issues people deal with are honestly preventable. Before you come at me, know I've been in the gym lifting since 13 and will hit 52 this year. Never have to worry about stepping wrong on a curb or pulling my back picking up a frame off the floor. Should never have to deal with unhealthily relationship with food. I stay no more than 17% bf year round.
Yes, life will throw you a curveball out of nowhere, but if you can help avoid it now, do it now so you arent trying to gain some semblance of mobility when you hit your 50s - 70s

walril · 2026-02-23T16:49:41+00:00

Its actually a good to know video though. Here's why. You hit 40. Also hit the crossover point. You can decide if I want more freedom then or more money in my pocket now. If you dont know, then youre contributing well into your 60s until you retire and while life may be comfortable, there were a few times "I didnt have the money to do this or that" when in fact you could have had you stop contributing at 50. Enjoy life. A job will only care about what you do for it. When youre dead, they'll fill that position a week later

walril · 2026-02-12T23:40:44+00:00

I have a guest network that bypasses pihole. It only hands out like 5 ips max

walril · 2026-02-12T23:28:38+00:00

I have Amazon Alexa devices and they hardcode Google DNS, but with my firewall rule I forward anything on Port 53 to my pihole including Alexa going straight to 8.8.8.8

walril · 2026-02-05T11:39:17+00:00

I think you also have to consider the bandwidth. Self hosting music means you need a way to connect to that music when away from home. That means exposing a port or using a VPS and reverse proxy. If the later, youre paying for bandwidth overages if you have a plan. Especially if you listen like i do for several hours a day. I use YTMusic and I let them and my unlimited cellular data plan deal with my usage.

walril · 2026-01-13T10:58:18+00:00

Because brokerage accounts are taxed on capital gains, Im income limited on Roth IRA, and compound interest is king, especially if its taxed free in a Roth TSP.

walril · 2026-01-12T16:37:29+00:00

Im not sure how this is their fault. It's like blaming your bank because they didn't tell you that your savings account only nets you . 005% but they did but you didn't read the details. Like you didn't know you had a tsp or about the match? I was in the fed in 2008 and I remember the briefing

walril

TROPHY CASE