Hello everyone :D

I’m looking to host some gaming servers to play with my friends (minecraft, enshrouded, and others), and some apps (paperless-ng, jellyfin, seafile, etc.). Each game server must be accessible from the Internet, but only certain applications will be accessible (jellyfin, etc.)

I don’t want to open any ports on my router or share my public IP. I already have a domain name, and I’m thinking of using some VPS to host a reverse proxy with tailscale or netbird.

For the VPS, I’m thinking of using OVH with unlimited bandwidth. I already have the domain name here, and I live in France where the servers are.

A few questions :

  • Is this a good idea ? Any better solution is welcome.
  • I don’t really know how I’m going to redirect subdomains to use the correct reverse proxy. Local DNS on the VPS ?
  • Tailscale or Netbird ? (I actually don’t have any idea)
  • Won’t using Tailscale or Netbird like this cause performance losses on game servers ?

Reverse proxy :

  • nginx for application
  • infrared or gate for minecraft server
  • Others for different game servers if needed.
  • Limonene@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    9 months ago

    Using a VPN (like Tailscale or Netbird) will make setup very easy, but probably a bit slower, because they probably connect through the VPN service’s infrastructure.

    My recommended approach would be to use a directly connected VPN, like OpenVPN, that just has two nodes on it – your VPS, and your home server. This will bypass the potentially slow infrastructure of a commercial VPN service. Then, use iptables rules to have the VPS forward the relevant connections (TCP port 80/443 for the web apps, TCP/UDP port 25565 for Minecraft, etc.) to the home server’s OpenVPN IP address.

    My second recommended approach would be to use a program like openbsd-inetd on your VPS to forward all relevant connections to your real IP address. Then, open those ports on your home connection, but only for the VPS’s IP address. If some random person tries to portscan you, they will see closed ports.

    • ArtikBanana@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      2
      ·
      9 months ago

      Just chiming in about Tailscale.
      The initial connection uses their server just to reach / connect to the other peer. After that, the peers are connected directly and all communication is direct.

    • Dragnansia@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      9 months ago

      I’m going to try your first approach, which seems to be what I want.
      The second one looks tempting, but the first one seems to be more secure, I think.

  • slazer2au@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    9 months ago

    cloudflare tunnel?

    Stick the cloudflare container in a docker network with other services you wish to expose for access.

    • Dragnansia@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      9 months ago

      This can be a solution, but only for game servers, and I’m just going to use Tailscale or Netbird for apps.

      From what I can see, it’s possible to use this for playing Minecraft with this mod, modflared. Not the best solution, but a working one (I hope).

      • PeachMan@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        9 months ago

        but only for game servers

        Why? I use tunnels for everything, all sorts of apps included. They’re easy to set up, and reliable.

        Tailscale is a good solution, though. I use that as well.

        • Dragnansia@lemmy.worldOP
          link
          fedilink
          English
          arrow-up
          2
          ·
          9 months ago

          I don’t know if this is paranoia, but I don’t read good things on Cloudflare for privacy.
          And after some thinking, using OVH VPS is not the best thing to do for privacy…

          You got me 😂

          • PeachMan@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            9 months ago

            They’ve had some security breaches, like most companies. If you’re feeling paranoid, do some reading on nginx vulnerabilities.

            Exposing your home servers to the Internet is always risky. There is no 100% safe way to do it.

  • ArtikBanana@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    9 months ago

    Tailscale funnel lets you expose services to the internet without opening any ports.

    There’s also the option of inviting your friends to your Tailscale network and limiting them to specific services. But they’ll have to install it on their devices.

    • Dragnansia@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      9 months ago

      I’m going to look at Tailscale Funnel and I don’t want my friends to have to install software to play.