[Question] VPN use to keep my instance from pinpointing my house?
I want to set up a lemmy instance as a subreddit alternative for a community I moderate. I would be running the instance on a local machine in my home so I really want to make sure that it can't be traced to my physical location.
I already subscribe to ExpressVPN for general use, can I just install it on the local machine, press connect, and boom be anonymous? What impact would this have on users?
For all my self hosted stuff I use nginx proxy manager behind a cloudflare tunnel. The tunnel connects to a container on the machine which sends everything to the reverse proxy. no need for vpn or port forwarding
This is the only correct answer, the other responses about only showing local ip, and hosting something that goes through a VPN are either wrong or don't result in a working configuration. A domain must resolve to an IP so connecting out via a VPN just won't work. Proxying your connection through cloudflare using cloudflareD tunnels is the answer. Users will only see the ip of cloudflare.
Alternatively you can run your own VPN with a VPS (and use it like a reverse proxy), then you can easily control the port forwarding.
This latter part, please forgive me as this is the first time I'm looking into hosting a web service. My plan was to purchase a domain with Google, which would include WHOIS privacy. Is this what you're referring to here?
No, I mean have an external server (ideally with a static IP address) and point the domain to that. And then have your local machine (hosting Lemmy) connect to that server and reverse-proxy the Lemmy port.
I haven't tried it with Lemmy so I'm not 100% sure the domain settings in Lemmy would work with this setup (since the domain wouldn't resolve to your local machine where it's actually running, and maybe Lemmy depends on that). But the idea is external users would just see the VPS, and have no idea that it's actually served from your local machine over a reverse proxy there.
You'd have to pay for VPS traffic though, but aside from that it wouldn't need much hardware, so should be cheap.
But you might also want to re-consider running it locally at all in this case. If the instance is small, it might work out just the same just to host it directly in the cloud. And then you can set up automatic setup and migration with Terraform / CDK ,etc.
Yeah, you're definitely right about that. I would still like to prevent that from happening. I'd rather it shows the general area of a place nowhere near where I'm at.
Most people use cloudflares free proxy service and a fully qualified domain name that they own.
You could also set up a virtual private server on a host provider like linode or digital ocean and install a point to point vpn as your egress/ingress point.
I don’t think that’ll work, they likely don’t allow inbound connections to their VPN endpoints.
There are a couple options:
Use Cloudflare Tunnels (Free)
Use a small VPS from a company like DigitalOcean to run a site-to-site WireGuard VPN + reverse proxy
Use a small/medium VPS from a company like DigitalOcean to host your Lemmy instance
Note: I haven’t done a review of the traffic to confirm if option one or two will leak your IP (it shouldn’t, that’s generally a problem with WebRTC), but it is a potential concern. I do use option 1 currently. Note that tunnels are limited to 100mb file uploads, but iirc there is a bug in Lemmy that effectively limits uploads to 20mb.
If I'm not mistaken to make your instance available to other people you'd have to set up a reverse proxy. And a correctly set up reverse proxy shouldn't reveal your IP, only the local IP (127.0.0.1).
I might be wrong, so ask on the [email protected], since it's more active than this community.
However renting a VPS and hosting your Lemmy instance there is probably a better idea if you plan on creating a community, since it will minimize risks (DMCA notices, bugs in the Lemmy source code that could expose your server, etc). And it would make scaling easier if your instance grows.
If I'm not mistaken to make your instance available to other people you'd have to set up a reverse proxy. And a correctly set up reverse proxy shouldn't reveal your IP, only the local IP (127.0.0.1).
This is incorrect. The reverse proxy only handles the internal routing, so if you're not tunneling, or otherwise obfuscating your IP, selfhosting websites exposes your IP address.
If I’m not mistaken to make your instance available to other people you’d have to set up a reverse proxy. And a correctly set up reverse proxy shouldn’t reveal your IP, only the local IP (127.0.0.1).
Thank you for this information, if this is correct it sounds like this isn't something I need to worry about then.