> How do people access these servers off of their home network (or do they not?).
WireGuard, listening on the public IP with port forwarding, and using a dynamic DNS client to ensure I can always connect even if the public IP changes.
> It seems like most residential ISPs don't provide a static IP and some block port 80?
Not the case here in my experience (Spain), but if you're fine being the only one with access you only need to forward the VPN port.
> I know Zero Tier, and Tailscale exist - but I don't really understand how they work
I only used ZeroTier a bit, but IIRC it was something like:
1) Create a new network in the ZeroTier One website
2) Download the ZeroTier client on your machine(s)
3) Enter the network ID
4) (optionally) authorize the device on the web UI
5) Now the device can connect to other ZeroTier peers on the network you created!
(So yeah, at least the "easy" way involves using their server, no need to selfhost it). Also this option should work without port forwarding.
I use WireGuard via Tailscale. It's been a breeze since switching from a self-managed solution on my Pis. Generating the keys, syncing them across the Pis, syncing the Pis' keys to the clients, all too much work. Tailscale has automated this.
Yup, WireGuard is what I use. I toyed around with both Traefik and Caddy as reverse proxies (not simultaneously, of course), but found it to be much more complicated to set up than a VPN. I wouldn't touch a reverse proxy for personal use again.
Can the ZeroTier client create a tunnel without root access? That's the biggest weakness of WireGuard IMO. One of the things I like about ngrok is it doesn't require root.
> Can the ZeroTier client create a tunnel without root access? That's the biggest weakness of WireGuard IMO.
No idea about ZeroTier, but you should be able to use WireGuard without root access using the userspace implementation in Go[0] (that's the one used in non-rooted Android phones, Windows, and maybe the BSDs).
I tried wireguard-go and it required root to create a tunnel. I wonder if it would be possible to adapt it to forward to a local port rather than mapping directly to a network interface.