I have an old laptop lying around and I have been meaning to self host some stuff on it but never got around to it.
My biggest limitation is that I only have WIFI and I do not control the network. It’s basically your default residential WIFI network.
The only thing I actually need is self-hosted cloud. What can I utilize this laptop for?
With most consumer wifi networks you can usually enable port forwarding. That would let you access services from anywhere.
Personally I would set up a Wireguard VPN server on the laptop and enable port forwarding only for the Wireguard port. This will let you access your laptop from anywhere, and it will protect you by limiting your attack surface (basically you only need to have a device Wireguard connection and you don’t need to worry as much about securing every other service you want to run).
Then I’d set up dynamic DNS with any DNS provider so you don’t need to keep track of a changing IP.
Then you can install whatever services you want on the laptop and you’ll be able to access them from anywhere by connecting to the Wireguard VPN. It does mean you can’t easily let a friend access a service on your laptop, but the tradeoff is you don’t have to worry as much about security while you’re learning.
I think OP cannot tinker with its router. At least, that is my case.
That’s a shame. I didn’t realize it was that locked down. I’ve had a lot of terrible routers but all the ones I remember allowed me at least a port forward.
I think OP can accomplish some of the same result if he can get a cheap VPS to connect through (have the laptop Wireguard to the VPS, then have a proxy on the VPS forward to the laptop over the VPN), but that’s probably not worth the hassle for a starter project unfortunately.
I haven’t used it personally, I think Tailscale would help here. It sounds like it doesn’t require port forwarding, and uses Wireguard under the covers.
In my case, I don’t technically own the router but it’s provided by my service provider. They don’t give you the password for the admin access
I did that — free VPS w/public IP, WG to my router. Works great!
Which VPS provider are you using?
Oracle. Philosophical issues aside I’ve been happy, and can’t beat the price. Bandwidth is pretty limited, but that’s not a huge problem for me right now.
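The laptop-to-VPS WireGuard link described in the comments above, as an added example that is not part of the original thread: the laptop dials out to the VPS, so nothing has to be forwarded on the home router. The tunnel addresses, hostname, port and key placeholders are assumptions.

```ini
# ---- VPS: /etc/wireguard/wg0.conf (the side with a public IP) ----
[Interface]
# Constructed tunnel subnet
Address = 10.8.0.1/24
# The only UDP port that needs to be open on the VPS firewall
ListenPort = 51820
# Placeholder; generate a real key with `wg genkey`
PrivateKey = <VPS_PRIVATE_KEY>

[Peer]
# The laptop. No Endpoint here: the VPS learns the laptop's current
# address from the laptop's own outbound packets.
PublicKey = <LAPTOP_PUBLIC_KEY>
# Accept only the laptop's tunnel address from this peer
AllowedIPs = 10.8.0.2/32

# ---- Laptop: /etc/wireguard/wg0.conf (behind the locked-down router) ----
[Interface]
Address = 10.8.0.2/24
# Placeholder; generate a real key with `wg genkey`
PrivateKey = <LAPTOP_PRIVATE_KEY>

[Peer]
PublicKey = <VPS_PUBLIC_KEY>
# Constructed hostname for the VPS
Endpoint = vps.example.net:51820
# Route only tunnel traffic to the VPS, not all of the laptop's traffic
AllowedIPs = 10.8.0.1/32
# Send a keepalive every 25 s so the router's NAT mapping stays open
# and the VPS can reach the laptop at any time
PersistentKeepalive = 25
```

The proxy on the VPS then forwards to 10.8.0.2, and services on the laptop can be bound to that tunnel address so they are not reachable from the shared WiFi network.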
You can, but if you don’t control the main router and can’t do any port forwarding, it will be hard to make it accessible from outside your LAN.
Tailscale + truenas is a simple solution that should allow OP access outside the network without any network config.
I’ll give that a look.
Yeah the best hope is that upnp is turned on. I think that’s the protocol that allows automatic port forwarding to happen
I have a laptop motherboard setup with proxmox running:
- plex
- radarr, sonarr, prowlarr
- opnsense
- foundry VTT
- pi-hole
- unifi controller
- qbittorrent
- kavita
This is running on an i5-1135 with 40 gigs of memory. If you’re frugal about how you have stuff set up you can pack a lot of services into old laptops.
If I may ask, how exactly do you use OPNsense? Is it a gateway between the WAN and LAN interfaces, or do you just use it for the LAN-facing services?
Yes, it’s my main router. Everything comes into the laptop across one interface set up as a trunk that includes VLANs for WAN, LAN, etc. From there proxmox has a VLAN-aware Linux bridge set up that connects to all the VMs/containers that I run. The VM virtual interfaces get tagged with whatever network I want the host to be part of.
What about wireless devices, are they on the LAN side too?
Yes. A unifi ap connects all my wireless devices to my LAN
I think self-hosted cloud is a vague statement, but I think with your network infrastructure you will be limited in what you can do. I think cloudflare tunnel could be a good option for getting the device available online.
Then the self-hosted part. There are so many things you can look into. You can run everything in Docker, install the software you want directly on your laptop, and much more.
You’ll likely also need a reverse proxy. Can use nginx proxy manager, traefik, or something similar for that.
What are your goals with the self-hosted cloud? That would help you in making it easy to find resources and others here to give you advice.
Edit: typos
What are your goals with the self-hosted cloud?
I have about several dozen GB of files that I currently sync with Syncthing between my devices. The only downsides I can see are that it takes the same amount of space on all my devices and it’s hard to add a new device to the group. I’d like to store the files on the laptop instead and be able to browse, access them from my other devices (mainly Linux and Android), ideally through the internet.
Exposing your internal devices to the internet is not suggested unless you know how to secure it behind a reverse proxy.
Switch to Resilio Sync, it has a sync-on-demand feature called Selective Sync, where you can browse the share and select files to sync now.
It’s a feature of Resilio I really like, but I rely on Syncthing for daily use because Resilio kills phone memory (it stores the index in ram), and it’s much more resource intensive on my file server.
Dozens of GB sounds like there’s a lot of media files to me. I’d not share that via Syncthing. Assuming that is correct: Wouldn’t a media server like Jellyfin be a better fit? Or if it’s photos, I recommend Immich. Note that Immich is under active development and should not be your only place to store photos.
Yes, that’s why I’m looking into alternatives. Could I use jellyfin with the limitations that I have?
I think that should be possible. You’ll likely need to get Jellyfin running with that cloudflare tunnel. There are probably alternatives to cloudflare tunnel as well, but I’m not very familiar with it. I believe there are some limitations with the tunnel, so you will have to check that out. Otherwise there should be no issue.
When you say WiFi do you mean that you only have WiFi access or does the laptop not have an Ethernet port? If you have a wired connection I would get either a Thunderbolt or USB3 adapter to hardwire it, as a hardwired connection will be more stable even on USB speeds.
The OS will depend on what you want to host. If it’s an older system with less than 8 GB of RAM I would just install Debian with Docker. You can find premade Docker Compose files online which should make deploying software easy.
If you have plenty of hardware you could install Proxmox and then a few VMs.
Edit:
I forgot to mention I started out using Kubesail. https://kubesail.com/ The UI is nice but ultimately I chose to move on for privacy, speed and a Do-It-Yourself attitude.
What are the advantages of kubesail? I couldn’t understand it from their website.
It’s a startup that offers a web dashboard and a proxy for public access. I used it for a while when it was fairly new and their app store made it easy to find and deploy services.
Never mind, I actually am taking back what I said.
I ended up trying it. In theory it’s all nice and useful, because it solves the part that I am not comfortable with (router settings, domains and other connection stuff). But then I don’t know Kubernetes so I couldn’t understand what I was doing and I was not able to troubleshoot it. And I could not connect to my server remotely anyway.
And that’s the reason I am taking back what I said. At the end of the day wireguard is your friend.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
| Fewer Letters | More Letters |
| --- | --- |
| DNS | Domain Name Service/System |
| HTTP | Hypertext Transfer Protocol, the Web |
| IP | Internet Protocol |
| SSH | Secure Shell for remote terminal access |
| VPN | Virtual Private Network |
| VPS | Virtual Private Server (opposed to shared hosting) |
| nginx | Popular HTTP server |
6 acronyms in this thread; the most compressed thread commented on today has 10 acronyms.
[Thread #379 for this sub, first seen 27th Dec 2023, 13:55]
I started my home server with a laptop. I did nextcloud, paperless, jellyfin + *arr services, photoprism, and a few others.
Not having control over your network is the biggest hurdle because you kind of need a fixed IP to access it.
However, there are some services to broadcast your hostname to the local network (e.g. so you can log in with serveruser@myserver over SSH).
You may be able to use that to access your containers from the network, but just keep in mind that other users on the local network can also access your server.
Fixed IP doesn’t matter today with virtual/mesh network approaches like Wireguard/Tailscale.
They open an outbound connection, so the router treats it like any other connection. Once the tunnel is established, inbound comms can take place.
Using Tailscale’s Subnet Router enables access to local devices that can’t run a TS client, while the Serve and Funnel options enable external access from devices that don’t have the TS client installed. Edit: Serve is for sharing to TS clients that aren’t part of your TS network.
It’s really interesting to see these solutions today, when Hamachi was doing it 20 years ago. Glad to see it’s caught on, and being developed/extended.
Sell it
Without being able to set a static IP and forward ports you can’t host services and point to them with a domain, like driveway-home.com or something.
But I think Cloudflare has a service that lets you connect remotely without needing static IPs (someone else will know the name). If you were to use that then you can use your laptop to host pretty much anything on the Awesome Selfhosted List.
I would advise against port forwarding without at least a proper firewall with isolation. It is very very dangerous to expose things to the internet and it will backfire at some point, sometimes without your knowledge.
Back when I first started I used a service called kubesail https://kubesail.com/
Now that I have way more hardware I just use a VPS on Linode to route traffic.
CloudFlared is the application you run on your server, and CloudFlare tunnels are what it connects with. You get the same outcome as a ddns but it functions differently under the hood. You also need a domain name for this I think.
DuckDNS might be a good option to start out with.
One thing that might work is UPnP to open ports.