Hello!
I’ve been playing around with self-hosting for a while now and I’ve started moving over to a VPS. At home I have a PC that’s on more or less 24/7 with an *arr stack, jellyfin and some other services. They can only be accessed through Netbird. The services aren’t that important, the data doesn’t really need to be backed up since it’s not very important. On the VPS, however, I would like to host some more critical services, such as:
- Vaultwarden
- Immich
- Gitea
- Overleaf
I want them available 24/7, even if I decide to distrohop and wipe my PC at home. The problem is how to structure all this. My current idea is to run Gitea and Overleaf out in the open behind some reverse proxy without authentication (Nginx or Nginx Proxy Manager). I’d like Vaultwarden and Immich to be on the same VPS, but, I don’t want those services to be accessible to anyone but me, so I’d need some form of ACL or authentication system. I’m thinking of using Netbird for this, since I already use it on all of my devices.
So I would set up DNS records from within Netbird that would point immich.domain.tld and vaultwarden.domain.tld to the internal Netbird IP of the VPS. In the reverse proxy, I’d set up access control such that it only redirects the Netbird IP range to those services. On Cloudflare, I’d point git.domain.tld to the external IP of the VPS with proxy enabled.
Everything would receive HTTPS certificates, and I’d block incoming traffic on every port except for 80 and 443.
Is this a good setup? Any tips or recommendations? Any pitfalls?
Thanks!
Many thanks for mentioning Anubis!