I want to set up a lemmy instance as a subreddit alternative for a community I moderate. I would be running the instance on a local machine in my home so I really want to make sure that it can’t be traced to my physical location.
I already subscribe to ExpressVPN for general use, can I just install it on the local machine, press connect, and boom be anonymous? What impact would this have on users?
If I’m not mistaken to make your instance available to other people you’d have to set up a reverse proxy. And a correctly set up reverse proxy shouldn’t reveal your IP, only the local IP (127.0.0.1).
I might be wrong, so ask on the [email protected], since it’s more active than this community.
However renting a VPS and hosting your Lemmy instance there is probably a better idea if you plan on creating a community, since it will minimize risks (DMCA notices, bugs in the Lemmy source code that could expose your server, etc). And it would make scaling easier if your instance grows.
If I’m not mistaken to make your instance available to other people you’d have to set up a reverse proxy. And a correctly set up reverse proxy shouldn’t reveal your IP, only the local IP (127.0.0.1).
Thank you for this information, if this is correct it sounds like this isn’t something I need to worry about then.
For all my self hosted stuff I use nginx proxy manager behind a cloudflare tunnel. The tunnel connects to a container on the machine which sends everything to the reverse proxy. no need for vpn or port forwarding
Is there any documentation you could link me to that would go into greater detail about how I can do that?
I don’t think that’ll work, they likely don’t allow inbound connections to their VPN endpoints.
There are a couple options:
- Use Cloudflare Tunnels (Free)
- Use a small VPS from a company like DigitalOcean to run a site-to-site WireGuard VPN + reverse proxy
- Use a small/medium VPS from a company like DigitalOcean to host your Lemmy instance
Note: I haven’t done a review of the traffic to confirm if option one or two will leak your IP (it shouldn’t, that’s generally a problem with WebRTC), but it is a potential concern. I do use option 1 currently. Note that tunnels are limited to 100mb file uploads, but iirc there is a bug in Lemmy that effectively limits uploads to 20mb.
I think you can do it but you’ll probably need port forwarding on the VPN.
Unfortunately Mullvad just cancelled this feature.
Alternatively you can run your own VPN with a VPS (and use it like a reverse proxy), then you can easily control the port forwarding.
Alternatively you can run your own VPN with a VPS (and use it like a reverse proxy), then you can easily control the port forwarding.
This latter part, please forgive me as this is the first time I’m looking into hosting a web service. My plan was to purchase a domain with Google, which would include WHOIS privacy. Is this what you’re referring to here?
No, I mean have an external server (ideally with a static IP address) and point the domain to that. And then have your local machine (hosting Lemmy) connect to that server and reverse-proxy the Lemmy port.
I haven’t tried it with Lemmy so I’m not 100% sure the domain settings in Lemmy would work with this setup (since the domain wouldn’t resolve to your local machine where it’s actually running, and maybe Lemmy depends on that). But the idea is external users would just see the VPS, and have no idea that it’s actually served from your local machine over a reverse proxy there.
You’d have to pay for VPS traffic though, but aside from that it wouldn’t need much hardware, so should be cheap.
But you might also want to re-consider running it locally at all in this case. If the instance is small, it might work out just the same just to host it directly in the cloud. And then you can set up automatic setup and migration with Terraform / CDK ,etc.
Alright, thank you for your help!
Most people use cloudflares free proxy service and a fully qualified domain name that they own.
You could also set up a virtual private server on a host provider like linode or digital ocean and install a point to point vpn as your egress/ingress point.
At best a reverse IP search can show the general area, no way someone can pin-point your house with it.