I can expose any web application on my Raspberry Pi to the Internet via Tailscale + Caddy/Nginx on a VPS.
E.g., let us assume I have BTCPay Server, LNBits or WordPress exposed on port 8080 on my Raspberry Pi. Then,
  • I buy the cheapest VPS and give it a DNS name.
  • I install Tailscale on both the VPS and Raspberry Pi. I disable Tailscale key renewal to make both the VPS and Raspberry Pi stay on the same virtual private LAN for long periods without disruption.
  • Then I install Caddy/Nginx and create a reverse proxy to the Raspberry Pi, for a virtual host.
This way I can expose just my LNBits plugins, e.g. the point of sale plugin, to the Internet, and leave all my other apps safely unexposed to the Internet inside my home.
I can even use many virtual hosts to have the same DNS entry point to different apps. This way I only need to buy one VPS. Example:
  • lnbits.example.com points to LNBits inside my home
  • git.example.com points to Gitea inside my home
  • blog.example.com points to WordPress inside my home
  • btcpay.example.com points to BTCPay server inside my home.
So even if the VPS gets DDoSed I can just put the VPS behind DDoS protection. If my VPS gets hacked, they still have to hack my Raspberry Pi from there, because there is nothing stored on the VPS. The VPS is probably running Alpine Linux with a very low attack surface area.
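A Caddyfile for the VPS matching the setup described in the post above, as an added example that is not part of the original post. The address 100.64.0.10 stands in for the Raspberry Pi's Tailscale IP, every port other than 8080 is constructed, and the `/tpos/*` path prefix is an assumed location for the point of sale plugin.

```caddyfile
# Added example (not the poster's configuration).
# 100.64.0.10 = placeholder for the Raspberry Pi's Tailscale address.
# Caddy obtains certificates for each host name and terminates TLS on the
# VPS; traffic to the Pi then travels inside the Tailscale tunnel.

lnbits.example.com {
	# Expose only the point of sale plugin. /tpos/* is an assumed path
	# prefix; adjust it to the paths your plugin actually serves.
	@pos path /tpos/*
	handle @pos {
		reverse_proxy 100.64.0.10:8080
	}
	# Everything else (admin UI, wallet API, other plugins) is refused
	# at the VPS and never reaches the Pi.
	handle {
		respond 404
	}
}

git.example.com {
	# Constructed port for Gitea on the Pi.
	reverse_proxy 100.64.0.10:3000
}

blog.example.com {
	# Constructed port for WordPress on the Pi.
	reverse_proxy 100.64.0.10:8081
}

btcpay.example.com {
	# Constructed port for BTCPay Server on the Pi.
	reverse_proxy 100.64.0.10:8082
}
```

Host names without a site block here are not proxied at all, so an app on the Pi stays unreachable from the Internet until a block is added for it. Tailscale ACLs can additionally limit the VPS to only these ports on the Pi, which narrows what a compromised VPS can reach.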
I did something similar but used Cloudflare tunnels.
I ran an Umbrel node with LNBits and BTCPay exposed to the clearnet.
The major benefit is that you don't need a VPS, there are no costs, and you get DDoS protection from Cloudflare.
The downside is that you have to trust Cloudflare.
reply
Thanks! I've been trying to set up something like this for a while, but could never find the right way. Will try Tailscale Caddy/Nginx.
reply
Never mind, I was about to try this but Tailscale starts with Login with Google/Microsoft/GitHub. No thanks.
reply
This is a self-hosted alternative to Tailscale which does not require GitHub login: https://github.com/gravitl/netmaker
I have not tried it. If you try it, let me know about your experience.
reply