I have an old laptop lying around and I have been meaning to self host some stuff on it but never got around to it.
My biggest limitation is that I only have WIFI and I do not control the network. It’s basically your default residential WIFI network.
The only thing I actually need is self-hosted cloud. What can I utilize this laptop for?
I started off with Pi-hole when I started messing around with an old laptop for self hosting. My advice is set up what you think is useful.
To access the server outside your home, Tailscale is a great option. Fairly simple to set up, especially if it’s just you accessing the server.
Reverse proxy would be best if you intend to let others access your server’s services often or if you don’t wanna mess with tunnels. I settled on Cloudflare tunnels because I didn’t want another thing to turn on to access my server outside my house.
When I didn’t have a carrier-grade NAT to deal with, I used Caddy server for automatically getting SSL certs from Let’s Encrypt and reverse proxy all in one. I really liked that once I got it set up.
I can’t be connected to Tailscale and some other VPN at the same time, can I?
Depends on the device, but on devices like Android, no.
I can’t say I’ve gone through with it myself, but in theory you could have a host somewhere connected to a VPN that you send your Tailscale traffic through as an exit node.
On Android and I believe iOS it’s a single connection. I would start with the basic functionality (also don’t create a Tailscale account with GitHub bc it does weird things with sharing if you ever want to have multiple users).
Once you’ve got the VPN and storage working I can think of two options to give you the functionality of 2 VPNs:
- Tasker is an Android app that can let you automate a lot. It might let you switch VPNs when opening say your storage app and switch back a bit easier than toggling it in settings.
- Set up your lap-server at home with an outgoing public VPN so traffic goes mobile device > Tailscale > public VPN. Essentially acting like you’re home using your public VPN. This may take some tinkering to work properly, especially when you’re home on the same network. Plus you would definitely see a network speed impact on your phone.
Tailscale and Mullvad VPN recently partnered up to solve this exact issue. So in the admin panel of Tailscale you could set up a device as an exit node and then have that run through one of Mullvad’s servers. It’s all very neat and simple 😊
~~Exit nodes~~ Subnet Routers KICK ASS. Makes it so my RPi enables me to manage any device on my home network from anywhere. I can print from my laptop or phone to my home printer. No need for a Tailscale client on hardware devices.
An Exit Node provides a LAN exit path for connected devices - so any of my TS connected devices can route to the internet through my home network, gaining RPi DNS filtering along the way (though I don’t do this for performance reasons, it’s just an example).
Edited to correct my misuse of exit node, and clarify the difference between it and Subnet routing.
That sounds awesome.
That I can’t say. I’d imagine no, at least on Android.
If you don’t mind the extra setup, Cloudflare tunnels are awesome. https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/
I prefer this over Tailscale as I don’t want to have an app I need to access my server.
Tailscale only requires one app install, on a device in your network.
That device can be configured as a subnet router (providing local network access to Tailscale connections).
Then using either the Funnel or Serve option, remote devices can access your Tailnet without a client installed.
Just an option, another way of achieving similar results (though with different capabilities) as Cloudflare.
Edit: Funnel enables non-TS clients to access TS resources. Serve enables foreign TS clients to access your TS network.
The more you know! Do you know any guides that go over this? I’d be interested in setting this up.
Edit:
It’s a part of their docs. https://tailscale.com/kb/1019/subnets?q=subnet
Why would you be?
Generally Tailscale uses an app on every device to be a member of the Tailscale Virtual Mesh network.
Though by using the Funnel, Serve, and Subnet Router features you can access things without the Tailscale client app.
With most consumer wifi networks you can usually enable port forwarding. That would let you access services from anywhere.
Personally I would set up a Wireguard VPN server on the laptop and enable port forwarding only for the Wireguard port. This will let you access your laptop from anywhere, and it will protect you by limiting your attack surface (basically you only need to have a device Wireguard connection and you don’t need to worry as much about securing every other service you want to run).
Then I’d set up dynamic DNS with any DNS provider so you don’t need to keep track of a changing IP.
Then you can install whatever services you want on the laptop and you’ll be able to access them from anywhere by connecting to the Wireguard VPN. It does mean you can’t easily let a friend access a service on your laptop, but the tradeoff is you don’t have to worry as much about security while you’re learning.
I think OP cannot tinker with its router. At least, that is my case.
That’s a shame. I didn’t realize it was that locked down. I’ve had a lot of terrible routers but all the ones I remember allowed me at least a port forward.
I think OP can accomplish some of the same result if he can get a cheap VPS to connect through (have the laptop WireGuard to the VPS, then have a proxy on the VPS forward to the laptop over the VPN), but that’s probably not worth the hassle for a starter project unfortunately.
I haven’t used it personally, I think Tailscale would help here. It sounds like it doesn’t require port forwarding, and uses Wireguard under the covers.
In my case, I don’t technically own the router but it’s provided by my service provider. They don’t give you the password for the admin access
I did that — free VPS w/public IP, WG to my router. Works great!
Which VPS provider are you using?
Oracle. Philosophical issues aside I’ve been happy, and can’t beat the price. Bandwidth is pretty limited, but that’s not a huge problem for me right now.
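The VPS relay discussed above (the laptop dials out over WireGuard to a host with a public IP, so nothing has to be forwarded on the ISP router), sketched as an added example that is not from any poster in this thread. The tunnel addresses, the hostname `vps.example.net` and the key placeholders are assumptions; the fence holds two separate wg-quick files, one per machine.

```ini
# ---- File 1, on the VPS: /etc/wireguard/wg0.conf ----
# The VPS is the only side with a reachable public address, so it listens.
[Interface]
Address = 10.8.0.1/24            # constructed tunnel subnet
ListenPort = 51820               # the only WireGuard port the VPS firewall must allow (UDP)
PrivateKey = <VPS_PRIVATE_KEY>   # placeholder, generate with `wg genkey`

[Peer]
# The laptop. No Endpoint line: the VPS learns the laptop's current
# address from the laptop's own outbound handshake.
PublicKey = <LAPTOP_PUBLIC_KEY>  # placeholder
AllowedIPs = 10.8.0.2/32         # accept only the laptop's tunnel address from this key

# ---- File 2, on the laptop: /etc/wireguard/wg0.conf ----
# Behind the ISP router; it only ever makes outbound connections.
[Interface]
Address = 10.8.0.2/24
PrivateKey = <LAPTOP_PRIVATE_KEY>  # placeholder

[Peer]
PublicKey = <VPS_PUBLIC_KEY>       # placeholder
Endpoint = vps.example.net:51820   # assumed hostname for the VPS
AllowedIPs = 10.8.0.1/32           # route only tunnel traffic to the VPS, not all traffic
PersistentKeepalive = 25           # keeps the NAT mapping open so the VPS can reach back
```

The proxy on the VPS then forwards to `10.8.0.2`. Binding the laptop's services to that tunnel address rather than to all interfaces keeps them off the shared Wi-Fi network.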
You can, but if you don’t control the main router and can’t do any port forwarding, it will be hard to make it accessible from outside your LAN.
Tailscale + TrueNAS is a simple solution that should allow OP access outside the network without any network config.
I’ll give that a look.
Yeah, the best hope is that UPnP is turned on. I think that’s the protocol that allows automatic port forwarding to happen.
I think self-hosted cloud is a vague statement, but I think with your network infrastructure you will be limited in what you can do. I think Cloudflare Tunnel could be a good option for getting the device available online.
Then the self-hosted part. There are so many things you can look into. You can run everything in Docker, install the software you want directly on your laptop, and much more.
You’ll likely also need a reverse proxy. Can use nginx proxy manager, traefik, or something similar for that.
What are your goals with the self-hosted cloud? That would help you in making it easy to find resources and others here to give you advice.
Edit: typos
What are your goals with the self-hosted cloud?
I have about several dozen GB of files that I currently sync with Syncthing between my devices. The only downsides I can see are that it takes the same amount of space on all my devices and it’s hard to add a new device to the group. I’d like to store the files on the laptop instead and be able to browse and access them from my other devices (mainly Linux and Android), ideally through the internet.
Exposing your internal devices to the internet is not suggested unless you know how to secure it behind a reverse proxy.
Switch to Resilio Sync, it has a sync-on-demand feature called Selective Sync, where you can browse the share and select files to sync now.
It’s a feature of Resilio I really like, but I rely on Syncthing for daily use because Resilio kills phone memory (it stores the index in ram), and it’s much more resource intensive on my file server.
Dozens of GB sounds like there’s a lot of media files to me. I’d not share that via Syncthing. Assuming that is correct: Wouldn’t a media server like Jellyfin be a better fit? Or if it’s photos, I recommend Immich. Note that Immich is under active development and should not be your only place to store photos.
Yes, that’s why I’m looking into alternatives. Could I use jellyfin with the limitations that I have?
I think that should be possible. You’ll likely need to get Jellyfin running with that Cloudflare tunnel. There are probably alternatives to Cloudflare tunnel as well, but I’m not very familiar with it. I believe there are some limitations with the tunnel, so you will have to check that out. Otherwise there should be no issue.
I have a laptop motherboard setup with proxmox running:
- plex
- radarr,sonarr,prowlarr
- opnsense
- foundry VTT
- pi-hole
- unifi controller
- qbittorrent
- kavita
This is running on an i5-1135 with 40 gigs of memory. If you’re frugal about how you have stuff set up you can pack a lot of services into old laptops.
If I may ask, how exactly do you use OPNsense? Is it a gateway between the WAN and LAN interfaces, or do you just use it for the LAN-facing services?
Yes, it’s my main router. Everything comes into the laptop across one interface set up as a trunk that includes VLANs for WAN, LAN, etc. From there Proxmox has a VLAN-aware Linux bridge set up that connects to all the VMs/containers that I run. The VM virtual interfaces get tagged with whatever network I want the host to be part of.
What about wireless devices, are they on the LAN side too?
Yes. A UniFi AP connects all my wireless devices to my LAN.
That was informative, thanks.
When you say WiFi do you mean that you only have WiFi access or does the laptop not have an Ethernet port? If you have a wired connection I would get either a Thunderbolt or USB3 adapter to hardwire it, as a hardwired connection will be more stable even on USB speeds.
The OS will depend on what you want to host. If it’s an older system with less than 8 GB of RAM I would just install Debian with Docker. You can find premade Docker Compose files online which should make deploying software easy.
If you have plenty of hardware you could install Proxmox and then a few VMs.
Edit2:
Actually I take back what I said, don’t use Kubesail. I went back and tried it and it has a lot of issues. If you want remote access consider a VPN or remote vm
What are the advantages of Kubesail? I couldn’t understand it from their website.
Never mind, I actually am taking back what I said.
I ended up trying it. In theory it’s all nice and useful, because it solves the part that I am not comfortable with (router settings, domains and other connection stuff). But then I don’t know Kubernetes so I couldn’t understand what I was doing and I was not able to troubleshoot it. And I could not connect to my server remotely anyway.
And that’s the reason I am taking back what I said. At the end of the day wireguard is your friend.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
| Fewer Letters | More Letters |
|---|---|
| DNS | Domain Name Service/System |
| HTTP | Hypertext Transfer Protocol, the Web |
| IP | Internet Protocol |
| SSH | Secure Shell for remote terminal access |
| VPN | Virtual Private Network |
| VPS | Virtual Private Server (opposed to shared hosting) |
| nginx | Popular HTTP server |

6 acronyms in this thread; the most compressed thread commented on today has 10 acronyms.
[Thread #379 for this sub, first seen 27th Dec 2023, 13:55]
I started my home server with a laptop. I did Nextcloud, Paperless, Jellyfin + *arr services, PhotoPrism, and a few others.
Not having control over your network is the biggest hurdle because you kind of need a fixed IP to access it.
However, there are some services to broadcast your hostname to the local network (e.g. so you can log in with serveruser@myserver over SSH).
You may be able to use that to access your containers from the network, but just keep in mind that other users on the local network can also access your server.
Fixed IP doesn’t matter today with virtual/mesh network approaches like Wireguard/Tailscale.
They open an outbound connection, so the router treats it like any other connection. Once the tunnel is established, inbound comms can take place.
Using Tailscale’s Subnet Router enables access to local devices that can’t run a TS client, while the Serve and Funnel options enable external access from devices that don’t have the TS client installed.
Edit: Serve is for sharing to TS clients that aren’t part of your TS network.
It’s really interesting to see these solutions today, when Hamachi was doing it 20 years ago. Glad to see it’s caught on, and being developed/extended.
Local only does not provide much value over what I have, unfortunately. I would probably just use KDEconnect for that.
Sell it
Without being able to set a static IP and forward ports you can’t host services and point to them with a domain, like driveway-home.com or something.
But I think Cloudflare has a service that lets you connect remotely without needing static IPs (someone else will know the name). If you were to use that then you can use your laptop to host pretty much anything on the Awesome Selfhosted List.
I would advise against port forwarding without at least a proper firewall with isolation. It is very very dangerous to expose things to the internet and it will backfire at some point, sometimes without your knowledge.
Back when I first started I used a service called kubesail https://kubesail.com/
Now that I have way more hardware I just use a VPS on Linode to route traffic.
Cloudflared is the application you run on your server, and Cloudflare tunnels are what it connects with. You get the same outcome as a DDNS but it functions differently under the hood. You also need a domain name for this, I think.
DuckDNS might be a good option to start out with.
One thing that might work is UPnP to open ports.