I want to set up a Lemmy instance as a subreddit alternative for a community I moderate. I would be running the instance on a local machine in my home, so I really want to make sure that it can’t be traced to my physical location.

I already subscribe to ExpressVPN for general use, can I just install it on the local machine, press connect, and boom be anonymous? What impact would this have on users?

  • ijustlookatpictures@feddit.uk · ↑4 · 2 years ago

    For all my self-hosted stuff I use Nginx Proxy Manager behind a Cloudflare tunnel. The tunnel connects to a container on the machine which sends everything to the reverse proxy. No need for VPN or port forwarding.

    • lambchop@lemmy.world · ↑1 · edited · 2 years ago

      This is the only correct answer; the other responses about only showing local IP, and hosting something that goes through a VPN, are either wrong or don’t result in a working configuration. A domain must resolve to an IP, so connecting out via a VPN just won’t work. Proxying your connection through Cloudflare using cloudflared tunnels is the answer. Users will only see the IP of Cloudflare.

    • rlyehfhtagn (OP) · ↑1 · 2 years ago

      Is there any documentation you could link me to that would go into greater detail about how I can do that?

  • nivenkos@lemmy.world · ↑4 ↓1 · edited · 2 years ago

    I think you can do it but you’ll probably need port forwarding on the VPN.

    Unfortunately Mullvad just cancelled this feature.

    Alternatively you can run your own VPN with a VPS (and use it like a reverse proxy), then you can easily control the port forwarding.

    • rlyehfhtagn (OP) · ↑1 · edited · 2 years ago

      > Alternatively you can run your own VPN with a VPS (and use it like a reverse proxy), then you can easily control the port forwarding.

      This latter part, please forgive me as this is the first time I’m looking into hosting a web service. My plan was to purchase a domain with Google, which would include WHOIS privacy. Is this what you’re referring to here?

      • nivenkos@lemmy.world · ↑3 · 2 years ago

        No, I mean have an external server (ideally with a static IP address) and point the domain to that. And then have your local machine (hosting Lemmy) connect to that server and reverse-proxy the Lemmy port.

        I haven’t tried it with Lemmy so I’m not 100% sure the domain settings in Lemmy would work with this setup (since the domain wouldn’t resolve to your local machine where it’s actually running, and maybe Lemmy depends on that). But the idea is external users would just see the VPS, and have no idea that it’s actually served from your local machine over a reverse proxy there.

        You’d have to pay for VPS traffic though, but aside from that it wouldn’t need much hardware, so should be cheap.

        But you might also want to reconsider running it locally at all in this case. If the instance is small, it might work out just the same just to host it directly in the cloud. And then you can set up automatic setup and migration with Terraform / CDK, etc.

  • poVoq@slrpnk.net · ↑2 · 2 years ago

    At best a reverse IP search can show the general area, no way someone can pin-point your house with it.

    • rlyehfhtagn (OP) · ↑3 · 2 years ago

      Yeah, you’re definitely right about that. I would still like to prevent that from happening. I’d rather it shows the general area of a place nowhere near where I’m at.

  • infinitevalence@discuss.online · ↑2 · 2 years ago

    Most people use Cloudflare’s free proxy service and a fully qualified domain name that they own.

    You could also set up a virtual private server on a host provider like Linode or DigitalOcean and install a point-to-point VPN as your egress/ingress point.

    • ijustlookatpictures@feddit.uk · ↑1 · 2 years ago

      You can get a couple of free VPSs with Oracle, no credit card required, as well. I’ve heard some people say theirs were shut down and I read somewhere that they may do if usage falls below a certain amount - I guess ’cause they’re considered dormant. I’ve never had a problem.

  • homelabber@lemmy.one · ↑4 ↓2 · 2 years ago

    If I’m not mistaken, to make your instance available to other people you’d have to set up a reverse proxy. And a correctly set up reverse proxy shouldn’t reveal your IP, only the local IP (127.0.0.1).

    I might be wrong, so ask on the !selfhosted@lemmy.world, since it’s more active than this community.

    However renting a VPS and hosting your Lemmy instance there is probably a better idea if you plan on creating a community, since it will minimize risks (DMCA notices, bugs in the Lemmy source code that could expose your server, etc). And it would make scaling easier if your instance grows.

    • rlyehfhtagn (OP) · ↑1 · 2 years ago

      > If I’m not mistaken to make your instance available to other people you’d have to set up a reverse proxy. And a correctly set up reverse proxy shouldn’t reveal your IP, only the local IP (127.0.0.1).

      Thank you for this information, if this is correct it sounds like this isn’t something I need to worry about then.

  • chayleaf · ↑1 · 2 years ago

    Just use Cloudflare. Of course it isn’t perfect; for perfect anonymity you need to register the domain anonymously and use an anonymous VPS, but it’s a good compromise.

  • jax@lemmy.cloudhub.social · ↑1 · 2 years ago

    I don’t think that’ll work; they likely don’t allow inbound connections to their VPN endpoints.

    There are a couple of options:

    • Use Cloudflare Tunnels (Free)
    • Use a small VPS from a company like DigitalOcean to run a site-to-site WireGuard VPN + reverse proxy
    • Use a small/medium VPS from a company like DigitalOcean to host your Lemmy instance

    Note: I haven’t done a review of the traffic to confirm if option one or two will leak your IP (it shouldn’t, that’s generally a problem with WebRTC), but it is a potential concern. I do use option 1 currently. Note that tunnels are limited to 100 MB file uploads, but IIRC there is a bug in Lemmy that effectively limits uploads to 20 MB.
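
An added check for the leak concern raised above (example code, not part of any post in this thread): with a proxy or tunnel in front of the site, the home address can still sit in other DNS records of the same domain. The Cloudflare ranges are assumed current as published at cloudflare.com/ips, and the zone below is constructed sample data using documentation addresses.

```python
import ipaddress
import re

# Cloudflare edge ranges as published at cloudflare.com/ips (assumed current;
# refresh before relying on them).
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
    "2400:cb00::/32", "2606:4700::/32", "2803:f800::/32", "2405:b500::/32",
    "2405:8100::/32", "2a06:98c0::/29", "2c0f:f248::/32",
)]

def behind_proxy(ip):
    """True if the address belongs to the proxy's edge network."""
    return any(ip in net for net in CLOUDFLARE_NETS)

def audit_zone(records, home_ip):
    """Return (name, type, reason) for each record that reveals the origin.

    records: iterable of (name, type, value) as exported from the DNS provider.
    """
    home = ipaddress.ip_address(home_ip)
    # Match the home IP as a whole token, so 203.0.113.7 does not hit 203.0.113.70.
    literal = re.compile(r"(?<![\d.])" + re.escape(home_ip) + r"(?![\d.])")
    findings = []
    for name, rtype, value in records:
        if rtype in ("A", "AAAA"):
            ip = ipaddress.ip_address(value)
            if ip == home:
                findings.append((name, rtype, "points straight at the home IP"))
            elif not behind_proxy(ip):
                findings.append((name, rtype, "not a proxy address; check what it is"))
        elif rtype == "TXT" and literal.search(value):
            findings.append((name, rtype, "home IP written into TXT/SPF"))
    return findings

# Constructed sample zone: 203.0.113.7 stands in for the home connection.
SAMPLE_ZONE = [
    ("lemmy.example.org", "A", "104.16.1.1"),    # proxied record
    ("mail.example.org", "A", "203.0.113.7"),    # DNS-only record
    ("example.org", "MX", "10 mail.example.org"),
    ("example.org", "TXT", "v=spf1 ip4:203.0.113.7 -all"),
    ("vps.example.org", "A", "198.51.100.20"),   # e.g. a VPS front end
]

if __name__ == "__main__":
    for finding in audit_zone(SAMPLE_ZONE, "203.0.113.7"):
        print(*finding, sep="  ")
```

This covers DNS only. A Lemmy server also makes outbound requests to other instances when federating, and those leave from whatever address the host's default route uses.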

  • 𝘋𝘪𝘳𝘬 · ↑1 · 2 years ago

    > I would be running the instance on a local machine in my home so I really want to make sure that it can’t be traced to my physical location.

    Don’t worry, this is not possible. I just checked with different IP location finders. One got a completely wrong area, the other one found the nearest larger city.