Yeah, the IPs are there for the world to see, but you won't easily know they belong to me unless I point to them from my domain.
I'm running a server at home without port forwarding. I connect to it using Nebula on a VPS, which is like Tailscale without having to trust anyone.
Accessing your resources away from home
Hello nerds!
How do you go about accessing your self-hosted resources when you're away from home?
I've used port forwarding, VPN, Tailscale and Headscale in that order but recently switched to Nebula.
Tailscale/Headscale was probably better than Nebula, but I just couldn't stand trusting either Tailscale or the VPS used to host Headscale.
With Nebula I don't need to trust the lighthouses, because they can't access my network even if compromised. I also really like the built-in firewall that's looking at node certs when filtering traffic.
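The certificate-based filtering mentioned in the post above can be sketched as a Nebula `config.yml` fragment for a home server. This is an added example, not the poster's configuration; every address, file name and group name in it is a constructed placeholder. Nebula's firewall denies inbound traffic by default, so a lighthouse whose certificate carries no groups matches none of the rules below.

```yaml
# Added illustration: Nebula config.yml fragment for a home server behind NAT.
# All addresses, names and groups are constructed placeholders.
#
# Groups are written into each node certificate when the CA signs it, e.g.:
#   nebula-cert sign -name "laptop" -ip "192.168.100.10/24" -groups "trusted,admin"
#   nebula-cert sign -name "lighthouse1" -ip "192.168.100.1/24"   # no groups

pki:
  ca: /etc/nebula/ca.crt
  cert: /etc/nebula/homeserver.crt
  key: /etc/nebula/homeserver.key   # private key never leaves this host

# Overlay IP of the lighthouse mapped to its public address (placeholder).
static_host_map:
  "192.168.100.1": ["203.0.113.10:4242"]

lighthouse:
  am_lighthouse: false
  hosts:
    - "192.168.100.1"

# Keep the NAT mapping open so no port forwarding is needed at home.
punchy:
  punch: true

firewall:
  outbound:
    # The home server may initiate anything.
    - port: any
      proto: any
      host: any
  inbound:
    # HTTPS only from nodes whose certificate carries the "trusted" group.
    - port: 443
      proto: tcp
      groups:
        - trusted
    # SSH only from certificates holding BOTH groups (list entries are ANDed).
    - port: 22
      proto: tcp
      groups:
        - trusted
        - admin
```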
Personal domain or not?
I have a personal domain name. I got it because my first name was available with my country TLD.
I use it for email, which I will most likely keep forever, but how about my self-hosted stuff?
I use Slack's Nebula to access my self-hosted resources externally.
Would you mind exposing your VPSes' IPs to the world by adding them as subdomains? In my case lighthouse1.myname.tld and lighthouse2.myname.tld?
I feel much more secure using DuckDNS for those IPs as it should make it much harder to identify my attack surface.
Does it make sense or am I just paranoid?
I really don't like the idea of my attack surface being easily identifiable just by my email or first name.
I wouldn't expose ports like that.
If security is a concern I would go with something like Nebula.
https://m.youtube.com/watch?v=94KYUhUI1G0
If you look into it, you can host your lighthouses for free using Oracle Free Tier.