I would like to host my own web server with a domain name I purchased but my public IP isn’t static.
I run ddclient on a local machine and it updates my Cloudflare DNS records if my IP changes.
OPNsense has it built in too, if you use it. So does pfSense, I think. Been a while, might be misremembering.
I do this too. I proxy my DNS, which means my home IP isn’t exposed.
Yup, I use my pfSense as DDNS client with Cloudflare.
I’ve been using freedns.afraid.org for about a year now.
I’ve also been on freedns.afraid.org for many years. Back when I switched from dyndns, it wasn’t possible to get Let’s Encrypt certificates on afraid.org’s domains, but that might have changed. I worked around it by taking a domain I already owned and using a CNAME to point it at my afraid.org domain.
I use Let’s Encrypt on my domains, but they’re domains that my afraid.org subdomains point to.
I’m using DuckDNS, it has a plugin for pfSense / OPNsense.
I use duckdns.org, but if you are trying to host a webpage I totally recommend using Cloudflare, Cloudflare tunnels and a reverse proxy like nginx.
Setting it up may be a bit tricky, but it is a gamechanger. I followed Ibracorp’s guides and I had no problem.
Your domain provider probably has an API to update DNS records. I use Cloudflare with their API because then I can hide my IP behind their proxy, or if I don’t have a public IP I can use their tunnels.
Tunneling is one of the better options out there tbh.
If you only need public access to things like HTTP or SSH you don’t necessarily need to run dynamic IP and can just set up Cloudflare Tunnels. So far I haven’t needed to put anything public that doesn’t run on the provided tunnels.
Where are the settings for these tunnels located in Cloudflare? I was looking around the website last night but didn’t have any luck.
It’s confusing. I think they are under Zero Trust now.
Look under the Zero Trust category and then once there you’ll see another menu item called Access. There you’ll find Tunnels. In addition to Tunnels, you can add an Application in the same Access menu to create policies that only allow certain clients to connect.
Cloudflare tunnels is the way to go for small self hosted content. You’re hiding behind their DDoS protection and your IP / location remains hidden from end users.
Does it work for RDP?
Sort of? https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/use-cases/rdp/ - I have no idea how to do it though.
I’ve had SSH and VNC sessions rendered in web pages with tunnels, but never RDP.
I would prefer to use Tailscale (www.tailscale.com) for something like RDP though, much easier to configure / set up and again you’re hiding behind their infrastructure.
I use a Cloudflare tunnel rather than a dynamic DNS provider. Some in the self hosting community are opposed to Cloudflare, but I appreciate the tools they provide (especially Zero Trust so I can put my self hosted apps behind Okta).
+1 for tunnels, easy to use and no port forwarding required.
My IP isn’t technically static but it hasn’t changed in the 3 years I’ve been with this ISP.
This. But I use Namecheap and the built-in tool on pfSense to keep an A record up to date if it ever changed.
I should automate something like that too. I just have one A record pointing to my IP and all my subdomains CNAME’d to that so that if it ever changes, I just have to update that one record.
I have Namecheap as well. I was trying to set this up with the ddclient on OPNsense but the logs suggested it couldn’t connect to Namecheap. What do you need to authenticate other than the DDNS passcode supplied by Namecheap?
Oof. Set this up years ago now…
Add the hostname, i.e. public
Add the domain name, i.e. starkcommando.com
This will be public.starkcommando.com
Leave username blank (this was a gotcha for me, if I recall correctly)
Then put the generated Namecheap DDNS password (not your account password) that matches the record in.
All set.
I use this container, favonia/cloudflare-ddns, for Cloudflare and my domain.
First step would be to ensure that you can do port forwarding.
- Check if your IP address isn’t a private one or CGNAT.
- Now set up reverse proxy and try connecting to your service. If it connects, you are okay.
- Now this is something I didn’t know could happen, but it did end up happening to me. I was happily port forwarding for a few months, until suddenly my port forwarding stopped working. I called my ISP and they said they did nothing (my ISP is a few guys who have no idea about what they are doing; the other option to them is a 512kbps DSL connection). At this point all my ingress ports are blocked and even outgoing SSH is blocked. Then the new month starts and everything is working again. I looked at my ISP website to get an idea of what may have caused this, and the case seems to be that it was the first time I crossed 100GB in uploading. So my ISP has configured things in such a way that port forwarding only works for the first 100GB of uploading.
This is why I strongly recommend Cloudflare tunnel or any other similar solution.
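
The private/CGNAT check from the post above, as an added example that is not part of the original thread. The function names are hypothetical, the sample addresses are constructed, and the externally observed address is assumed to be supplied by the caller (for instance from an IP-echo service).

```python
import ipaddress

# RFC 6598 shared address space, used by ISPs for carrier-grade NAT.
CGNAT_NET = ipaddress.ip_network("100.64.0.0/10")


def classify_wan_address(addr):
    """Classify the address shown on the router's WAN interface."""
    ip = ipaddress.ip_address(addr)
    # Checked first: Python's is_private is False for the CGNAT range.
    if ip.version == 4 and ip in CGNAT_NET:
        return "cgnat"
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "private"
    return "public"


def port_forwarding_possible(wan_addr, observed_addr):
    """Return (ok, reason).

    wan_addr is what the router reports on its WAN side; observed_addr is
    the source address an outside host sees for the same connection.
    """
    kind = classify_wan_address(wan_addr)
    if kind != "public":
        return False, "WAN address is %s: an upstream NAT sits in front of the router" % kind
    if ipaddress.ip_address(wan_addr) != ipaddress.ip_address(observed_addr):
        return False, "WAN address differs from the externally observed one: another NAT is in the path"
    return True, "WAN address is public and matches what the outside sees"


if __name__ == "__main__":
    # Constructed sample pairs: (router WAN address, externally observed address).
    samples = [
        ("100.72.13.4", "8.8.8.8"),   # CGNAT on the WAN side
        ("192.168.1.2", "8.8.8.8"),   # router sits behind another router
        ("1.1.1.1", "8.8.8.8"),       # public, but translated again upstream
        ("1.1.1.1", "1.1.1.1"),       # public and consistent
    ]
    for wan, seen in samples:
        print(wan, seen, port_forwarding_possible(wan, seen))
```

When the check fails, inbound port forwarding and a plain DDNS A record will not reach the server, which is the case where the tunnel approach recommended in the thread applies.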
I use Cloudflare and have a dyndns client running on my Synology NAS.
The easiest thing to do is to use https://www.duckdns.org/ and then point your domain as a CNAME to this duckdns subdomain.
I use myfritz.net for my homeserver. It is included in the routers of AVM 🐱
DNS-O-Matic (recommended by Cloudflare, among others) combined with SWAG and Authelia will handle dynamic DNS, reverse proxying, SSL certificates, and MFA. SWAG (nginx, Let’s Encrypt and Certbot) and Authelia (MFA) run nicely in a 2 container Docker stack.
Mine have been running for ~18 months on my NAS, though I have a fixed IP so no longer use a DDNS provider.