Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
-
No low-effort posts. This is subjective and will largely be determined by the community member reports.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
view the rest of the comments
Just a heads up: Headscale will use the official Tailscale DERP servers to resolve NAT traversal.
https://tailscale.com/docs/reference/derp-servers
Headscale includes an embedded DERP server but you need to enable it. Their example yaml has it disabled by default, which I assume is because it needs to be publicly available on the internet, requires HTTPS, and thus a certificate and other network/security considerations.
I know you're trying to tell me something brother, but at this moment in time, I seem more stupid than normal, so if you would, unpack that for me in relation to what I was explaining to OP about Tailscale security.
DERP is the service that actually relays packets between tailscale connected devices when they are crossing a NAT (leaving one private network and going across the internet to another private network).
If you host headscale (the self-hosted community version of the tailscale control plane) and use it with tailscale, by default it will still use the public Tailscale DERP servers. Your traffic is still encrypted and not visible to them, but it does still rely on part of their centralized architecture even though you are hosting the control plane yourself.
That being said, you can just use the embedded DERP that ships with headscale, although there are some other considerations when doing that because it will need to be publicly on the internet, probably with a proper domain name and publicly trusted certificate.
Thanks for explaining. I really didn't mean it as a Headscale v Tailscale. kind of thing as far as data security goes. I've heard a lot of great things about Headscale. OP was just worried about his data being compromised, and I was just pointing out that it's pretty tight.