What is the safest way for my to enable access to my Raspberry Pi currently sitting on a local network?
Hey folks, I just set up a Raspberry Pi home server with a bunch of containerised apps (FreshRSS, Firefly III, etc.). I'm now looking at some options to let me access this Pi from a device outside the network and am a little bit intimidated by all the options that I seem to have.
My requirements are just to be able to access the Pi from my Android phone or Linux laptop and access the FreshRSS service. I'm not looking to stream media over this connection or do anything super data intensive. I don't have a static IP address or a domain name, but I do use a VPN subscription (some guides I read suggested that you could use a VPN to connect externally but haven't looked to deep into this yet).
With this in mind, what would be my best option? Thanks in advance for your help!
Ssh with ed25519 pubkey access and password login disabled works fine for me. I have access from my phone via termux and any other terminal software.
As far as your changing ip goes, you could have a cron job that periodically checks your current IP and notifies you of changes over telegram or other method.
I'm currently using cloudflare tunnel. It works with ssh but you have to have cloudflare cli on the client. Please note that I'm a complete noob and this probably isn't the best solution.
Install Tailscale on your Pi and on any other device you want to access it from. It’s super straightforward and you should be able to connect the two devices without opening any ports instantly.
Safest and fast - Wireguard. But you need to setup duckdns too.
Safest and easiest - Tailscale. It's a userland implementation of Wireguard with added stuff to make it stupidly easy to run. But because it's not a kernel module, it's slightly slower.