My self-hosting experience is primarily with Plex and qBittorrent, but I’m trying to get a digital library set up that will be available remotely. I’ve been reading about some options, but I’m not sure about what is best to use or how to deploy it.

What is the best way to make Kavita available to remote users safely from a home server?

  • 𝕽𝖔𝖔𝖙𝖎𝖊𝖘𝖙@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    11 months ago

    I would disagree.

    Particularly on the cost/beta stuff.

    Tailscale has long supported DNS addresses that link to your tailnet. Typically they only accept connections from addresses allowed within your tailnet, but there isn’t anything particularly complex about how funnel allows any incoming address.

    Further, like most of tailscale’s operations, funnel isn’t requiring them to host or even proxy any significant amount of data, it’s just directing incoming connections on that domain to a device on your tailnet.

    The hosting cost to tailscale is insignificant and really no different than what they do on a basic tailnet.

    I don’t think it will become a paid only option and I don’t think it’s too beta to use for a home server.

    Personally I don’t bother using it because I’m comfortable exposing my IP address and opening a port to my home server using direct DNS.

    But there are some advantages to using tailscale funnel in that your ip will be obfuscated and the traffic will be routed through WireGuard so potentially more secure.

    • Atemu
      link
      fedilink
      English
      arrow-up
      1
      ·
      11 months ago

      Typically they only accept connections from addresses allowed within your tailnet, but there isn’t anything particularly complex about how funnel allows any incoming address.

      P2P wireguard connections that is. Funnel needs to accept arbitrary connections.

      Further, like most of tailscale’s operations, funnel isn’t requiring them to host or even proxy any significant amount of data, it’s just directing incoming connections on that domain to a device on your tailnet.

      And how is that supposed to work without proxies? You can’t just point DNS at some device’s public IP and then expect everyone to be able to connect to it; that’s not how firewalls work. TS IPs aren’t routed on the public internet either (100.0.0.0/8 is IANA reserved).

      AFAIK the way TS has always worked is that it does its P2P magic to build WG tunnels between devices and then does regular IP over those. IP traffic cannot go between devices otherwise (unless they’re on the same network ofc.).

      there are some advantages to using tailscale funnel in that your ip will be obfuscated and the traffic will be routed through WireGuard so potentially more secure.

      How exactly is your IP going to be obfuscated without proxies? How will traffic be routed through WG without proxies?

      • 𝕽𝖔𝖔𝖙𝖎𝖊𝖘𝖙@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        11 months ago

        You are right, I dunno why I thought it wasn’t actually proxying all the traffic.

        I can see how that could potentially be expensive for them if you were using it to stream video or something