I’m not really sure how to ask this because my knowledge is pretty limited. Any basic answers or links will be much appreciated.

I have a number of self-hosted services on my home PC. I’d like to be able to access them safely over the public Internet. There are a couple of reasons for this. There is an online calendar scheduling service I would like to have access to my caldav/carddav setup. I’d also like to set up Nextcloud, which seems to more or less require https. I am using http connections secured through Tailscale at the moment.

I own a domain through an old Squarespace account that I would like to use. I currently have zero knowledge or understanding of how to route my self hosted services through the domain that I own, or even if that’s the correct way to set it up. Is there a guide that explains step by step for beginners how to access my home setup through the domain that I own? Should I move the domain from Squarespace to another provider that is better equipped for this type of setup?

Is this a bad idea for someone without much experience in networking in general?

  • Blaster M@lemmy.world
    9 hours ago

    On your DNS provider, make an A record with your IP address, AAAA record with your IPv6 address. If these addresses change often, either set up a dyndns (your DNS provider needs to support this) or pay for a Static IP from your ISP. Firewall the hell out of your network, have a default deny (drop) new inbound rule, and only open ports for your service. Use an nginx reverse proxy if possible to keep direct connections out of your service, and use containers (docker?) for your service(s). Don’t forget to set up certbot and fail2ban. You need certbot to auto update your certs, and you need fail2ban to keep the automated login hacker bots from getting in.

    That’s the minimum. You can do more with ip region blocking and such, as well as more advanced firewalling and isolation. Also possible to use Tailscale and point the DNS A record to the Tailscale IP, which will eliminate exposing your public IP to the internet.

    • gedaliyah@lemmy.worldOP
      8 hours ago

      If I use Tailscale as described, how will a request connect to the tailnet? Is there anything you can link that explains how to do this?

      • Blaster M@lemmy.world
        44 minutes ago

        When you put your server’s Tailscale IP in the DNS, anything that looks up that DNS gets the Tailscale IP. You only need to connect the devices you want to have connect to the server to the same Tailscale network, and your system will handle the routing.
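
What the last reply means in practice, as an added example that is not part of the thread: anyone can resolve the name, but a record holding a Tailscale address is only routable from devices joined to the same tailnet, while a record holding the home's public address is what needs the firewall, reverse proxy and fail2ban described earlier. The hostnames and addresses are constructed (documentation ranges), and `classify` and `audit` are hypothetical helper names.

```python
import ipaddress

# Ranges Tailscale assigns node addresses from. The IPv4 block is the shared
# CGNAT range, so an address handed out by an ISP's CGNAT would match it too.
TAILNET_NETS = [ipaddress.ip_network(n) for n in
                ("100.64.0.0/10", "fd7a:115c:a1e0::/48")]
# Addresses that are only meaningful on the local machine or home LAN.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]


def _in_any(addr, nets):
    return any(addr.version == n.version and addr in n for n in nets)


def classify(value):
    """Return 'tailnet', 'lan' or 'public' for one A/AAAA record value."""
    addr = ipaddress.ip_address(value)
    if _in_any(addr, TAILNET_NETS):   # checked first: the Tailscale ULA
        return "tailnet"              # prefix also sits inside fc00::/7
    if _in_any(addr, LAN_NETS):
        return "lan"
    return "public"


def audit(records):
    """Map each hostname to 'public', 'tailnet-only', 'lan-only' or 'mixed'."""
    report = {}
    for name, values in records.items():
        kinds = {classify(v) for v in values}
        if len(kinds) > 1:
            report[name] = "mixed"    # some clients would get an unreachable address
        elif kinds == {"public"}:
            report[name] = "public"   # home IP is published; harden the edge
        else:
            report[name] = kinds.pop() + "-only"
    return report


# Constructed sample zone data, not taken from the thread.
SAMPLE_RECORDS = {
    "cloud.example.com": ["100.101.102.103", "fd7a:115c:a1e0::1234"],
    "cal.example.com": ["203.0.113.10"],
    "nas.example.com": ["192.168.1.20"],
    "mix.example.com": ["100.101.102.103", "2001:db8::10"],
}

if __name__ == "__main__":
    for host, exposure in audit(SAMPLE_RECORDS).items():
        print(f"{host:20} {exposure}")
```

A name reported as `tailnet-only` cannot be reached by a third-party service that is not on the tailnet, even though its DNS record is publicly visible.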