I’ve been thinking about finally getting myself a proper domain for my server, but a friend told me that to get one I either need a VPS with a public ip (which just takes all the fun out of selfhosting) or purchase a static ip, which is beyond what I’m willing to spend for a hobby. Do I have any good options or should I just let it go?

Also, if this isn’t the correct community for this, I’d appreciate being pointed to the right one, thank you

  • UnpledgedCatnapTipper@piefed.blahaj.zone
    15 days ago

    I run a variety of self hosted things via my domain on a dynamic IP. I just have dynamic dns set up to check my current public IP periodically, and update the dns entry if it changes.

  • qjkxbmwvz@startrek.website
    15 days ago

    > VPS with a public ip (which just takes all the fun out of selfhosting)

    Why do you say this? My VPS only runs a reverse proxy and WireGuard, with all services hosted on my computers at home.

      • qjkxbmwvz@startrek.website
        14 days ago

        Cool, I recommend it!

        I have my public facing reverse proxy point to my public services, and I also have it set up as a “roadwarrior” VPN to my home. So, I can connect my phone via WireGuard to my VPS, and a local DNS resolves my private services to the private IP addresses in my home network (so, I also run a reverse proxy on my server, for internal services).

        I also have an off-site backup using this — just a raspberry pi and an HDD at family’s, that rsyncs+snapshots over the WireGuard network.

        I’m sure I’m not following all the best practices here, but so far so good.

  • tburkhol@lemmy.world
    15 days ago

    If you only need it to be accessible inside your home, then you just need to run your own DNS. Have your dhcp point at your DNS and your DNS declare itself the master for your domain.

    To get full functionality, you’ll probably want to have your registrar point to the public IP you get from your ISP as the domain’s authoritative name server. You should be able to script it to update the registrar when your ISP changes your IP, but that usually happens infrequently enough to do manually. Obviously can’t do that if you’re behind CGNAT.

    To get Let’s Encrypt certificates, you can do the DNS challenge. If your ISP gives you a (even inconsistent) public IP, you can do fancy ‘views’ with your selfhosted DNS, where it responds with private IPs inside your network and your ISP-given IP outside your network. I have certbot set up to expose my DNS & web server just before it starts its renewal process, then close the firewall after. Once you have the certificate, you can move it to wherever it will actually be used.

  • Sunnydmess@lemmy.world
    15 days ago

    I use this, Cloudflare zero trust. I run a connector (tunnel) named cloudflared on a raspberry pi which connects to cloudflare. The zerotrust tunnel configuration (in CF dashboard) lets me route http traffic into my local network by domain. The Application access policy in zero trust lets me secure it.

    • irmadlad@lemmy.world
      15 days ago

      I realize there is a lot of back and forth among selfhosters about Cloudflare’s usage, but I am thoroughly pleased with the set up. The only thing I chuckle about is their promotional emails.

      > Your site saw more threats last month than the average site on Cloudflare. Here’s what that means:
      > The good news is that these threats were mitigated by Cloudflare with the basic web application firewall (WAF) and bot protection you have on the Free plan.
      > The bad news is that more complex and sophisticated cyber attacks may not be stopped by your current web application security posture.
      

      …however they promise if I spend some money, that will all go away, and it might, but it’s good now so don’t wake the sleeping dog.

      • TrippinMallard@lemmy.ml
        15 days ago

        You can use Netbird reverse proxy to connect your domain to any device on your mesh. Netbird cloud supports the reverse proxy too now if you don’t want to self host netbird on a VPS.

  • Encrypt-Keeper@lemmy.world
    14 days ago

    What are you asking? You can just buy a domain whenever you want. You can use it on your server without a VPS or static IP.

    Are you asking us how to make your services reachable at that domain publicly over the internet?

  • ragingHungryPanda@piefed.keyboardvagabond.com
    15 days ago

    I started with dynamic DNS on my home server, then moved to an encrypted tunnel. The issue with DDNS is that your provider may block your ports. Mine eventually blocked 80, 443, and the WireGuard port.

    When I switched to tunnels, with cloudflare as my provider, there was nothing my provider could do about it.

    So, I’d recommend tunnels since many providers don’t want residential users hosting servers.

  • Brickfrog@lemmy.dbzer0.com
    15 days ago

    > but a friend told me that to get one I either need a VPS with a public ip (which just takes all the fun out of selfhosting) or purchase a static ip

    Neither of those are requirements. Just buy a domain at a registrar that allows you to dynamically update an IP address with a domain you have there. Look into DDNS update scripts and/or your own internet router, many routers have that feature built-in already.

  • fozid@feddit.uk
    15 days ago

    I’ve had a domain with a dynamic IP for over a year with no problems. I have a simple script that runs every 30 mins to check if my IP has changed, then updates the DNS records when required.

  • Foster Hangdaan@lemmy.hangdaan.com
    15 days ago

    You do not need a static IP address or dynamic DNS if your domain registrar provides a REST API. My current registrar is Porkbun and they have a REST API. I simply have a cron job that regularly checks if my public IP[1] differs from the domain’s A-record. If it does, it updates the record to match the public IP address using their API.


    1. I use Porkbun’s ping endpoint to obtain my public IP. There are also alternatives such as Ipify.

  • TrippinMallard@lemmy.ml
    15 days ago

    You can use Netbird Cloud’s reverse proxy to point your domain to a device on your wireguard mesh.

    That way your home server can be under 3x NATs and dynamic IP and you’ll still be fine.

    Later if you want to own the netbird you can self host it on a VPS if you’re willing to migrate all devices to your self hosted wireguard mesh.

  • Mubelotix@jlai.lu
    13 days ago

    Sure, you can just use your home wifi. Some of them are static, and others don’t change really often, like once a month, so dyndns will work well. You could also use cloudflared, which is a proxy you can use even if you can’t open your ports.

  • mic_check_one_two@lemmy.dbzer0.com
    14 days ago

    What you’re looking for is called Dynamic DNS. I use Cloudflare for my DNS (which feels a little like making a deal with the devil) and Cloudflare-DDNS to automatically update my DNS records when my WAN IP changes. Basically, the container checks the current WAN IP, checks the current Cloudflare DNS records, and pushes a change if they don’t match. It runs every few minutes, and then rests again until the next check. I’m sure other DNS providers have similar ways to set up DDNS.

    It’s not a 100% foolproof thing, because your WAN IP changing will take a few minutes to update. But a few minutes of downtime is much better IMO, when the alternative is needing to manually VPN into my server (if the VPN even still works, since the WAN IP changed), and troubleshoot it every time the IP address changes.

    • Joelk111@lemmy.world
      14 days ago

      You can configure it to run as often as you want (well, I’m not sure about cloudflare, but with other services you can, like DuckDNS)
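
The check-and-update loop that several replies above describe (a cron job or container comparing the current public IP with the domain's A record), as an added Python example that is not code from any commenter or from Cloudflare-DDNS. It accepts an echoed address only if it is globally routable IPv4 and two sources agree on it, so a CGNAT address or a bad response never reaches DNS; `fetchers`, `read_record` and `write_record` are hypothetical stand-ins for the IP-echo and registrar API calls, and the two-source quorum is a design choice of this example.

```python
import ipaddress

def usable_public_ip(body):
    """Parse an IP-echo response; return the address only if it is global IPv4."""
    try:
        ip = ipaddress.ip_address(body.strip())
    except ValueError:
        return None  # error page, empty body, anything that is not an address
    if ip.version != 4 or not ip.is_global:
        return None  # RFC 1918, CGNAT 100.64.0.0/10, loopback, link-local, ...
    return str(ip)

def ddns_decide(echo_bodies, current_a_record, quorum=2):
    """Return (action, ip): 'update', 'noop', or 'skip' when the IP is not trusted."""
    votes = {}
    for body in echo_bodies:
        ip = usable_public_ip(body)
        if ip is not None:
            votes[ip] = votes.get(ip, 0) + 1
    if not votes:
        return ("skip", None)
    ip, count = max(votes.items(), key=lambda kv: kv[1])
    if count < quorum:
        return ("skip", None)  # sources disagree or too few answered
    if ip == current_a_record.strip():
        return ("noop", ip)
    return ("update", ip)

def run_once(fetchers, read_record, write_record):
    """One cron tick. All three arguments are hypothetical callables."""
    bodies = []
    for fetch in fetchers:
        try:
            bodies.append(fetch())
        except OSError:
            continue  # one echo service being down must not abort the check
    action, ip = ddns_decide(bodies, read_record())
    if action == "update":
        write_record(ip)  # the only place the DNS API credential is used
    return action, ip

if __name__ == "__main__":
    # Constructed sample values; real fetchers would call two IP-echo services.
    record = {"a": "1.1.1.1"}
    print(run_once([lambda: "8.8.8.8\n", lambda: "8.8.8.8"],
                   lambda: record["a"], lambda ip: record.update(a=ip)))
    print(run_once([lambda: "100.64.3.2", lambda: "100.64.3.2"],
                   lambda: record["a"], lambda ip: record.update(a=ip)))
```

A `skip` result is worth logging: repeated skips on a 100.64.x.x address mean the line is behind CGNAT, where DDNS cannot make the server reachable.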

  • grue@lemmy.world
    15 days ago

    I have a domain, but all I use it for so far is email (with an email provider, not my own mail server, hosted locally or otherwise). I’d still call that “usable,” though.