Sid Verma

Tags / Homelab


I have a nice little computer in my house which hosts a bunch of services I use. It sits behind a NAT, so I can’t connect directly to it via my public IP address. Hence, I use a cheap cloud instance on DigitalOcean to act as the gateway for my home-server to the internet.

My previous setup was basically a VPN tunnel between a cloud server and my home server, where the cloud server forwarded TCP traffic to my home server, which served all my services.

Lately, I’ve been rebuilding this infrastructure, and one of the things I was due for was to have all my devices (my cloud server, home server, laptop, phone, etc.) connected to each other all the time. It also needed to be a mesh rather than hub-and-spoke: there is no reason for traffic to go out over the internet when I’m at home, on the same physical network as my home server.

I spent a good amount of time trying out a bunch of methods until settling on one. This post runs through all the options I found and why I chose what I chose. I won’t go into how to set it up; there should be plenty of articles and documentation on the internet. TL;DR: I now use Tailscale with a Headscale server.

Writing intros to posts is such a hard thing. I’ve spent more time on what to write in this paragraph than the rest of this article. You’re supposed to start with a background and a motivation, and conclude with a sentence that you finally did it, and here is how.

I have not done it yet. This thing keeps evolving. As to why I started doing this: it’s fun. It’s fun and powerful to be in control of where your information resides. It’s fun to build a system to manage this efficiently. There are practical benefits too: much more control over my data and the services. These are all open-source, so I can add missing features I really want, and I don’t have to abide by the restrictive terms and limits of other platforms. And I don’t lose everything if a platform shuts down or deletes my account for using their product in a way they didn’t intend.

Disclaimer: I have not worked as a sysadmin anywhere in my professional life, nor do I consider myself to be very good at it.

I’ve self-hosted a small part of my personal infrastructure (IRC bouncer, VPN server, torrent client, etc) for a while now. These services were set up over the course of a week on the tiniest DigitalOcean instance five years ago, never to be touched again for the next three years.

Two years ago, at Hackbeach 2017, Arun Singh gave a small talk on Infrastructure as Code and Terraform. Around then, I had recently started frequenting /r/selfhosted, and decided to start self-hosting more of my services. Upon finally logging into my server after three years, I couldn’t understand anything about the way it was set up. Port 443 seemed to be occupied by OpenVPN (for punching through restrictive firewalls), which proxied HTTP traffic to HAProxy, which proxied it to a web server, and so on.
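The arrangement described in both excerpts above, as an added example rather than the author’s actual configuration from either post: OpenVPN on the cloud instance owns TCP 443 (so VPN clients can get out through firewalls that only allow HTTPS) and hands every connection that is not an OpenVPN handshake to HAProxy, which forwards it over the tunnel to the home server. The loopback listen address 127.0.0.1:8443, the tunnel subnet 10.8.0.0/24 with the home server at 10.8.0.2, and the section names are assumptions.

```conf
# /etc/openvpn/server.conf on the cloud instance (added example, not the author's file)
port 443
proto tcp            # port-share only works in TCP server mode; UDP cannot share a port this way
dev tun
server 10.8.0.0 255.255.255.0   # assumed tunnel subnet; the home server gets 10.8.0.2 below
# Connections arriving on 443 that do not start with an OpenVPN handshake are
# handed, as a raw TCP stream, to whatever listens on 127.0.0.1:8443 (HAProxy).
port-share 127.0.0.1 8443

# /etc/haproxy/haproxy.cfg on the same instance (added example)
frontend https_in
    bind 127.0.0.1:8443      # loopback only: HAProxy must never be reachable from outside on its own
    mode tcp                 # TLS is terminated on the home server, so bytes are passed through untouched
    default_backend home_web

backend home_web
    mode tcp
    server home 10.8.0.2:443 check   # home server's address inside the VPN tunnel
```

Two things worth knowing before copying this pattern: HAProxy sees every forwarded connection as coming from 127.0.0.1, so the real client address is lost at this hop and anything on the home server that rate-limits or logs by source IP will see only the VPS; and because HAProxy is in TCP mode, the cloud instance never holds the site’s TLS private key, which is the one real security advantage of this layering over terminating TLS on the rented box.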
