Hi everyone

Thanks for all the advice on buying a domain. It's a big week for me. Getting on GrapheneOS, buying a domain, and I also recently started self hosting my contacts and calendar. I love this way of life.

My original plan was to get one of the xyz 1.1111b domains for $1 a year but most of the feedback I got said just go with Cloudflare. It's a lot more money than I had planned but all the security features are baked in and I feel that’s worth the extra money.

Here are my questions. I use the latest version of TrueNAS Community.

  1. How do I connect my domain to my server apps? I’ve got a series of apps I’d love to be able to access without Tailscale and solely use the domain.
  2. I have heard the term DNS a million times but don’t really understand it. What do I need to know about DNS to keep security up and stay protected?
  3. I’d like to let family access my media server, are there any considerations I need to make?
  4. How can I use one domain to access multiple services on my server? Do I need to pay extra for subdomains?

Thank you for any advice

  • frongt@lemmy.zip
    2 days ago

    I would strongly encourage continuing to use Tailscale or another VPN. The more you expose to the Internet, the more opportunities you present to an attacker. If your family also uses the VPN client, they can access the systems in the same way.

    Plenty of learning material out there on DNS. But no, you don’t have to pay extra for subdomains. You can put the records up on cloudflare or host them internally. Generally it’s considered bad practice to put local records in public DNS, but it doesn’t actually matter that much.

    You can set up a reverse proxy to route traffic to each service based on the domain name used. Most people use caddy, some use traefik, and some use nginx proxy manager.
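The setup described in the comment above (a reverse proxy that picks the backend from the hostname, reached only over the VPN), sketched as a Caddyfile. This is an added example, not part of the original comment or any project's own configuration; the hostnames, upstream addresses and ports are placeholders, and it assumes the names resolve to the server's Tailscale address.

```caddyfile
# Constructed example: hostnames, upstreams and ports are placeholders.
# Each site block is selected by the hostname the client asked for
# (TLS SNI / Host header); Caddy then forwards to that block's backend.

(vpn_only) {
	# 100.64.0.0/10 is the CGNAT range Tailscale hands out addresses from.
	# Anything arriving from another source address is dropped.
	@outside not remote_ip 100.64.0.0/10
	abort @outside

	# Certificates come from Caddy's built-in local CA, so no port has to be
	# reachable from the Internet for issuance. Client devices must trust
	# Caddy's root certificate. A publicly trusted certificate without open
	# ports would need the ACME DNS challenge and a DNS-provider plugin,
	# which is not shown here.
	tls internal
}

# One subdomain per service, all on the same registered domain.
media.example.com {
	import vpn_only
	reverse_proxy 127.0.0.1:8096    # placeholder: media server backend
}

calendar.example.com {
	import vpn_only
	reverse_proxy 127.0.0.1:5232    # placeholder: contacts/calendar backend
}
```

A hostname with no matching site block gets no backend, so services that are not listed stay unreachable through the proxy.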

    • someonesmall@lemmy.ml
      2 days ago

      This. Do not expose any service to the internet or even LAN. All clients need to connect via VPN to your machine, no matter if from LAN/home or on the road (WAN/Internet). You can still use a reverse proxy and custom domain names so inside the VPN network everything is HTTPS and each service has a nice domain name.

      • valar@lemmy.ca
        2 days ago

        This seems a bit extreme to me. I have services exposed to the Internet, with reverse proxy and auth.

    • philanthropicoctopus@thelemmy.clubOP
      2 days ago

      This is where I get really lost. I’m probably going to get this wrong so here goes.

      My understanding was Tailscale is to connect different machines across the internet, but that a traditional VPN hides your information.

      I got a domain so I could use my traditional VPN and access my server. At the moment, every time I want to access my server, I have to turn off my VPN so I can turn on Tailscale. That’s the exact scenario I’m trying to avoid by getting the domain.

      Again, I’m sure I’ve got some stuff wrong here but that’s my current understanding.

      • frongt@lemmy.zip
        1 day ago

        If you really want to, you can use tailscale to home, then route your outbound traffic over the other VPN. But that’s a bit tricky to set up and it’ll probably be pretty slow.

        Using a VPN for privacy is overrated, unless you have a government or ISP that is actively snooping on your traffic. The majority of connections are already encrypted with https.