These are some quick n’ dirty instructions so people can get up and running fast.
I wish I had known this was possible sooner.
Instructions:
Check that your VPN supports port forwarding and you have it enabled.
Grab your VPN’s internal IP with ip a
Find the interface for your VPN. For me it’s called tun0.
Open up /etc/nginx/nginx.conf
You can back it up, or comment everything out, or pick what’s necessary. Here’s what my file looks like.
worker_processes 1;
include modules.d/*.conf;
events {
    worker_connections 1024;
}
http {
    server {
        listen [VPN INTERNAL IP]:[VPN FORWARDED PORT];
        server_name localhost;
        location / {
            root '[ABSOLUTE PATH TO YOUR WEBSITE ROOT FOLDER]';
            index index.html; # Relative to your website root.
        }
    }
}
Make sure your permissions are correct. For me, the ‘other’ group needs read permissions to the root folder, including where it’s mounted.
Start nginx with systemctl start nginx
You can visit your website on your host machine in a browser at [VPN INTERNAL IP]:[VPN FORWARDED PORT]. For me, using the internal IP is required to view the website on my host machine.
To view the website on other machines, you can use [VPN EXTERNAL IP]:[VPN FORWARDED PORT]. The only thing you need to change is the IP address.
I hope this works for you and you are inspired to selfhost and take back power from those who stole it from us.
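An added example, not part of the original post: a shell check that every `listen` directive in an nginx config is bound to the VPN tunnel address rather than all interfaces, plus a check of the "other" permission bits on the web root. The address 10.8.0.2, the ports and the function names are constructed for illustration, and the permission check assumes the nginx worker user is neither owner nor group of the folder.

```shell
#!/bin/sh
# Added example, not from the original post. Addresses and ports are constructed.

# Print the target of every `listen` directive; text after '#' is ignored.
listen_targets() {
    sed 's/#.*//' "$1" | awk '{
        for (i = 1; i < NF; i++)
            if ($i == "listen") { t = $(i + 1); sub(/;.*/, "", t); print t }
    }'
}

# Return 0 only if every listener is bound to the VPN tunnel address.
# A bare port, *, 0.0.0.0 or [::] also answers on the LAN-facing interfaces.
audit_listen() {
    conf=$1 vpn_ip=$2 rc=0
    while IFS= read -r target; do
        [ -n "$target" ] || continue
        case $target in
            "$vpn_ip":*) echo "OK   $target" ;;
            *) echo "WARN $target is not limited to $vpn_ip"; rc=1 ;;
        esac
    done <<EOF
$(listen_targets "$conf")
EOF
    return $rc
}

# Assumes the nginx worker is neither owner nor group of the web root, so the
# "other" bits apply: it needs r and x on the directory and should not get w.
webroot_dir_ok() {
    case $(ls -ld -- "$1" | cut -c8-10) in
        r-[xt]) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample config for a stand-alone run.
sample=$(mktemp)
cat > "$sample" <<'EOF'
http {
    server { listen 10.8.0.2:51413; }   # tunnel address only
    server {
        listen 8080;                    # bare port: all interfaces
        # listen 0.0.0.0:80;            (commented out, ignored)
    }
}
EOF
audit_listen "$sample" 10.8.0.2 || echo "some listeners are reachable outside the VPN tunnel"
```

Against a real setup, pass /etc/nginx/nginx.conf and the address shown for the VPN interface by `ip a`.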
I absolutely respect rawdogging your website with just an IP
It’s all fun and games until you realise it’s your IP…
Who needs a domain anyway
Not sure how much you’re paying for your VPN, but a virtual private server can be had for about $5 per month. You’ll get a real IPv4 address just for you, so you won’t have to use non-standard port numbers. (You can also use the VPS as a self-hosted VPN or proxy.)
$5 per month doesn’t get you much processing power, but it gets you plenty of bandwidth. You could self-host your server on your home computer, and reverse-proxy through your NAT using the VPS.
I think you can find 1x vCPU VPS with 1gb ram for 1$/month on lowendbox / lowendtalk
You could even go the Oracle route on their free tier, probably has more compute than many $5/m VPS, although the learning curve is MUCH steeper than a simple VPS
Aaaaand it’s down?
Sorry, it should be up again now.
I’ve updated the post with the instructions. I don’t really plan on hosting this for a long period of time, at least not in this state.
I hope some people have gotten some use out of it.
No worries! Reminds me of my early days of self-hosting. Got myself banned from my ISP for 48 hours for self-hosting. 😬
Thanks for sharing!
I am using wireguard in docker to connect from anywhere to my local network. https://github.com/linuxserver/docker-wireguard?tab=readme-ov-file#usage Set the variable INTERNAL_SUBNET to your local IP range. For me it was 192.168.178.0. And set a folder you can reach as its working folder. And you're done for setting the wireguard server.
Need to allow your server to be reachable from the web to wire guard ports. I guess you know how to since you did for your website.
To add clients (I have Android and Linux) you go fetch the config on your server. If you went for numbered peers it looks like peer4.conf and you use these files to allow clients to connect.
Edit: I misread, you don’t ask for help. Nice site by the way.
Thanks for the guide. How did you get the VPN forwarded port? I believe this depends on the VPN provider’s software?
I’m sorry if this is dumb, but do I need to run the vpn on a dedicated machine? If so can I use a raspberry pi?
You should set up a proper domain and https for your website instead of having a random IP address and port. Don’t visit http pages in 2025. It is a major security risk.
Edit: If you need help setting up https let me know. You will need a domain but they are fairly inexpensive. If it is a matter of technical knowledge let me know as I can help.
There’s no security risk viewing this bit of html via http lmao
How so?
Data sent back isn’t validated so someone could tamper with the data. A bad actor could add some arbitrary JavaScript, plus ISPs have been caught inserting marketing materials into pages.
From a privacy perspective it is also bad as not only does it include your user agent in plain text it doesn’t have any encryption on page contents which allows your ISP to snoop on what you are doing.
All of these reasons are why we moved to https. X.509 certs are free and trivial to set up with Caddy or any other reverse proxy/web server. If https was crazy hard to set up I’d be more understanding but it is very easy to do in 2025.
Do you really think someone is going to set up a MITM attack for the dozen people who visit this blog?
No, but governments and ISPs can and have historically done so for all http traffic.
It doesn’t matter the page. They just care about http.
specifically this is how QUANTUMINSERT worked (from the Snowden leaks.) also China used the same technique, injecting malicious JS through the GFW to get bystanders to DDoS github, in a much more obvious and indiscriminate way.
nobody here is remotely likely to be targeted by NSA, of course, but you can actually do such attacks on a budget if you compromise any router in the chain. combined with a BGP hijack it’s not far out of reach for even a ransomware gang to pull something like that these days.
To add to this, a whole lot of places have been compromised in the Salt Typhoon attacks. China has compromised infrastructure all over the place including ISP hardware.
I’ll bite.
The risk is training people in bad behaviors, and then having those people do stupid things like type in a password.
There’s no password entry on this site, and what people do on other websites is not OP’s responsibility.
Oh yes. Pushing personal responsibility to the end user has always been a very effective security strategy.
Lmao as the operator of a website your personal responsibility ends with your website. It is not OP’s responsibility to protect other websites he does not operate, nor is it to take on the end user’s responsibility, or education. Don’t be silly.
Of course it does. You’re only ever responsible for yourself.
And that mentality does not lead to good things.
Of course it does, could you imagine the alternative? Imagine spontaneously taking responsibility for the safety of the entire internet. That would be just nuts.
I can heartily recommend taking responsibility for yourself, and not trying to foist it on others. Especially some dude with a rinky dink little personal blog.
Maybe there is, maybe it’s only little. Maybe people browsing should be more aware of where they click on. Either way, this method shouldn’t be used for any sensitive information least a personal cloud. Would be suicidal I guess.
Luckily this website contains no sensitive information and is not a personal cloud.
LOL. On the scale of risky things I’ve done today, visiting this guy’s http website barely rates a mention.
Someone posts about something they’ve learned and the best you can do is dump on them about whatever thing in order to demonstrate to everyone your superior knowledge.
Everyone starts somewhere.
I’m down to help people get https set up. I’m not trying to dunk but rather I’m trying to make the internet a safer place by reducing attacks and mass surveillance.
Let’s be real, this guy has no knowledge. He’s just yet another security parrot who doesn’t even understand the why behind the things they’re regurgitating.
Is it not possible to set up https for just an ip address with no domain?
I think it’s technically possible, but your IP likely isn’t static, especially if you’re using a VPN. You’d need a new cert every time your IP changed.
Buy a domain
They are pretty cheap especially compared to hardware
All those “experts” lecturing you and they don’t even know about man in the middle attacks.
They don’t know that there are active bots searching for HTTP addresses to inject risky code or redirect to malicious sites.
You providing some feedback which may help OP is seen as criticism.
They don’t know that there are active bots searching for HTTP addresses to inject risky code or redirect to malicious sites.
I’m going to be honest I have no idea what you are talking about.