Hi everyone

Thanks for all the advice on buying a domain. It’s a big week for me. Getting on GrapheneOS, buying a domain, and I also recently started self hosting my contacts and calendar. I love this way of life.

My original plan was to buy one of the xyz 1.1111b domains for $1 a year but most of the feedback I got said just go with Cloudflare. It’s a lot more money than I had planned but all the security features are baked in and I feel that’s worth the extra money.

Here are my questions. I use the latest version of truenas community

  1. How do I connect my domain to my server apps? I’ve got a series of apps I’d love to be able to access without tailscale and solely use the domain.
  2. I have heard the term DNS a million times but don’t really understand it. What do I need to know about DNS to keep security up and stay protected?
  3. I’d like to let family access my media server, are there any considerations I need to make?
  4. How can I use one domain to access multiple services on my server? Do I need to pay extra for subdomains?

Thank you for any advice

  • foremanguy@lemmy.ml
    ↑3 · 12 hours ago
    1. You need port forwarding and to host a reverse proxy in your infrastructure
    2. You shouldn’t really worry about DNS in that case, only make sure your domain resolves to the right IP
    3. As I said in 1. you will have to port forward to get access from outside (maybe you want to set up fail2ban on the reverse proxy to limit spam a bit)
    4. Reverse proxy. No, you own a part of the domain so all the subdomains belong to you as well. Ex. when you buy test.com you don’t buy the com domain but you buy media.test.com for example
  • Strider@lemmy.world
    ↑6 · 1 day ago

    Someone has to say it: when you’re asking these questions it shows that you still have a lot to learn. That itself is fine.

    But you’re at significant risk when putting a service on the internet so it would be best maybe to have someone at your side to assist you with beginner mistakes.

    • Tangent5280@lemmy.world
      ↑1 ↓5 · 1 day ago

      What is your opinion on using Claude or similar to cross check decisions for robustness? Yay or Nay?

      • Rekorse@sh.itjust.works
        ↑5 · 11 hours ago

        You won’t be able to tell if Claude is giving you good answers or not. You’d have to have someone who knows about this stuff check it for you, but at that point you should just have that person help you.

      • Strider@lemmy.world
        ↑1 ↓3 · 1 day ago

        I think it can be a good thing, and while it is better than not doing it, it is no comparison to an expert. This is not to say it’s worthless or anything though!

  • pmk@piefed.ca
    ↑5 · 2 days ago

    My general advice at this point is, if you haven’t already, to document the setup for your future self. It quickly gets out of hand with the amount of passwords, credentials, certificates, firewall settings, docker containers left and right, configs, workarounds, custom shell scripts, ansible scripts, git repos, backup locations and passwords, etc. Right now everything is fresh in your mind, but 6 months from now you may need to restore from a backup or an OS upgrade goes wrong, and then you’ll appreciate being able to remember the details.

    • lyralycan@sh.itjust.works
      ↑1 · 1 day ago

      I second this! I’ve learned to note everything down during my experience installing services with Proxmox, and have recently started converting my notes to public guides, just in case it helps anyone to not start from scratch.

  • Decronym@lemmy.decronym.xyzB
    ↑1 · 10 hours ago

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

    Fewer Letters   More Letters
    DNS             Domain Name Service/System
    Git             Popular version control system, primarily for code
    ISP             Internet Service Provider
    NAT             Network Address Translation
    SSH             Secure Shell for remote terminal access
    TLS             Transport Layer Security, supersedes SSL
    VPN             Virtual Private Network
    VPS             Virtual Private Server (opposed to shared hosting)
    nginx           Popular HTTP server

    [Thread #36 for this comm, first seen 2nd Jul 2026, 12:10]

  • valkyre09@lemmy.world
    ↑2 · 2 days ago

    Cloudflare tunnels is a great way to expose services on your network to the web.

    You run a program on your server, it makes a tunnel, then you configure it on the website to visit the internal link in your network, e.g.

    If you’re hosting a web server at home, you could have something like:

    www.mydomain.net > http://192.168.1.55:8080/

    You can also have Cloudflare protect access to that website with email verification, Google / Microsoft accounts etc.

    It’s a lot to learn, but it’s very handy once you get the hang of it.

    Here’s a YouTube video on the basics: https://youtu.be/Q5dG8g4-Sx0?is=J7KvNZoyjsEq33fO

    • philanthropicoctopus@thelemmy.clubOP
      ↑0 · 2 days ago

      Thank you for this tip

      I have just set it up and holy shit it worked straight away! This is so exciting!

      My question, now that my apps are exposed to the internet, aside from having strong passwords is there anything else I should be doing to keep safe?

      I just read no media servers on free tunnels so I’ll have to use nginx for jellyfin

      • Svinhufvud@sopuli.xyz
        ↑0 · 2 days ago

        Using Cloudflare tunnels means that the TLS is terminated at Cloudflare. This means that Cloudflare has the capability to snoop on your traffic, so you have to trust Cloudflare not to do that, especially if your traffic contains sensitive information.

        Also, the ‘no media in free tunnels’ is outdated information as far as I know, so be sure to check up to date information on that.

  • irmadlad@lemmy.world
    ↑0 · 2 days ago

    Now what

    Congratulations on the new domain name! Now what? Well, first you don’t tell anyone here what it is. /s Since you are already with Cloudflare, why not go all out and set up Cloudflare Tunnels/Zero Trust? Once you install Cloudflare Tunnels/Zero Trust on the server, you no longer need to do all that port fiddling, NAT fiddling, none of that. If you decide to go the Cloudflare Tunnels/Zero Trust route, I have some set up notes you might find beneficial. I’d be more than happy to share them. It isn’t that setting up Cloudflare Tunnels/Zero Trust is hard, but it was a bit touch and go for me, but I got there, and wrote that shit down. LOL

    @pmk@piefed.ca has some great advice about documentation. DO IT! Write everything down during deploy. After a successful deploy, distill your notes and clean them up. Make them a part of your 3,2,1 backup scheme.

    • Jason2357@lemmy.ca
      ↑0 · 1 day ago

      I just don’t get this take of getting your own domain and self-hosting, but run it all through Cloudflare. It’s sad.

  • artyom@piefed.social
    ↑0 · 2 days ago

    How do I connect my domain to my server apps?

    Go to your domain provider and configure it to point requests to your server IP address. Use a reverse proxy to connect those requests to a specific “app”. Most often NGINX.

    I have heard the term DNS a million times but don’t really understand it

    The oversimplified version is that it’s “the phone book of the internet”. Users’ domain requests are sent to it and then it forwards said requests to the appropriate IP address.

    I’d like to let family access my media server, are there any considerations I need to make?

    Are you hosting on a VPS or a home server?

    How can I use one domain to access multiple services on my server?

    Subdomains

    Do I need to pay extra for subdomains?

    No.

  • frongt@lemmy.zip
    ↑1 ↓1 · 2 days ago

    I would strongly encourage continuing to use tailscale or another VPN. The more you expose to the Internet, the more opportunities you present to an attacker. If your family also uses the VPN client, they can access the systems in the same way.

    Plenty of learning material out there on DNS. But no, you don’t have to pay extra for subdomains. You can put the records up on cloudflare or host them internally. Generally it’s considered bad practice to put local records in public DNS, but it doesn’t actually matter that much.

    You can set up a reverse proxy to route traffic to each service based on the domain name used. Most people use caddy, some use traefik, and some use nginx proxy manager.
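As an added example (not written by anyone in this thread): a Python check for the two DNS points made in the replies above, that each record resolves to the right IP and that no LAN or VPN address sits in public DNS. The domain `example.net`, the record tuples and the addresses are constructed sample data, and `is_internal` and `audit_zone` are hypothetical helper names.

```python
import ipaddress

# Ranges reachable only from inside a LAN or VPN, never from the internet.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 home/office LANs
    "100.64.0.0/10",                  # CGNAT space, which Tailscale also uses
    "127.0.0.0/8", "169.254.0.0/16",  # loopback, link-local
    "fc00::/7", "fe80::/10", "::1/128",
)]


def is_internal(value):
    """True if the address is in a LAN/VPN-only range; ValueError if malformed."""
    ip = ipaddress.ip_address(value)
    return any(ip.version == net.version and ip in net for net in INTERNAL_NETS)


def audit_zone(records, expected_ip):
    """Check (name, type, value) tuples taken from a DNS zone export.

    Returns (name, finding, value) for every A/AAAA record that is malformed,
    exposes an internal address, or (A only) differs from expected_ip.
    """
    expected = ipaddress.ip_address(expected_ip)
    findings = []
    for name, rtype, value in records:
        if rtype not in ("A", "AAAA"):
            continue  # CNAME, MX, TXT carry no address to check here
        try:
            internal = is_internal(value)
        except ValueError:
            findings.append((name, "invalid-address", value))
            continue
        if internal:
            findings.append((name, "internal-address-in-public-dns", value))
        elif rtype == "A" and ipaddress.ip_address(value) != expected:
            findings.append((name, "unexpected-ip", value))
    return findings


# Constructed sample zone; example.net and all addresses are placeholders.
SAMPLE_ZONE = [
    ("example.net", "A", "203.0.113.10"),
    ("media.example.net", "A", "203.0.113.10"),
    ("nas.example.net", "A", "192.168.1.55"),
    ("cal.example.net", "A", "100.101.102.103"),
    ("old.example.net", "A", "198.51.100.7"),
    ("www.example.net", "CNAME", "example.net"),
]

if __name__ == "__main__":
    for finding in audit_zone(SAMPLE_ZONE, "203.0.113.10"):
        print(*finding)
```
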

    • someonesmall@lemmy.ml
      ↑1 · 2 days ago

      This. Do not expose any service to the internet or even LAN. All clients need to connect via VPN to your machine, no matter if from LAN/home or on the road (WAN/Internet). You can still use a reverse proxy and custom domain names so inside the VPN network everything is HTTPS and each service has a nice domain name.

      • valar@lemmy.ca
        ↑0 · 2 days ago

        This seems a bit extreme to me. I have services exposed to the Internet, with reverse proxy and auth.

    • philanthropicoctopus@thelemmy.clubOP
      ↑0 · 2 days ago

      This is where I get really lost. I’m probably going to get this wrong so here goes

      My understanding was tailscale is to connect different machines across the internet, but that a traditional VPN hides your information

      I got a domain so I could use my traditional VPN and access my server. At the moment, every time I want to access my server, I have to turn off my VPN so I can turn on tailscale. That’s the exact scenario I’m trying to avoid by getting the domain.

      Again, I’m sure I’ve got some stuff wrong here but that’s my current understanding

      • frongt@lemmy.zip
        ↑0 ↓1 · 1 day ago

        If you really want to, you can use tailscale to home, then route your outbound traffic over the other VPN. But that’s a bit tricky to set up and it’ll probably be pretty slow.

        Using a VPN for privacy is overrated, unless you have a government or ISP that is actively snooping on your traffic. The majority of connections are already encrypted with https.