VPN is the way to go. Could use this opportunity to upgrade your router. I bought a box from protectli and run OPNsense on it. There’s good documentation on how to set up a wireguard vpn, and the community is vibrant.

Its also nice because there’s lots of options so its a nice thing to grow and learn with.

Crazy number domain doesn’t provide any security but you can buy a 1.111B class .XYZ domain for as cheap as 0,62USD a year

Use tailscale

• install opnsense
• set up geoip block where only IPs from your own country can ever initiate connection from the outside
• keep your stuff up to date
• enjoy security

VPN would be the quick and dirty

If it’s just select items, an service like azure app proxy maybe

For just yourself? Get a domain that you can actually remember and use and then set up a WireGuard server (I recommend the Linuxserver.io WireGuard image)

Use that to access your stuff

Do you have 1 thing you desparately need to be publicly accessible? VLAN the VM off so it’s on its own and put a reverse proxy in front of it with HTTPS (and ideally MFA if you need auth)

You could use Zerotier. With zerotier you can create a private network between your server and as many as 24 other devices (i.e your phone, your laptop…)

It doesn’t expose your stuff to the whole internet. You have to manually approve the devices you want to add to the private network through zerotier website. Even if you share the links with other people, they will simply not work

I just did this for my Raspberry pi, and now pihole filters my internet traffic even when I’m away.

Seriously, look it up, it’s free up to 25 connections and since it’s private you don’t need to go crazy about protecting your server from DDoS or buying a domain name or anything.

Have you heard about Twingate? It’s kinda like a VPN but not really. It’s free and does everything I need. If it’s just for self use I think it’s enough.

If the domain isn’t critical if it changes, you could use freedns.afraid.org.

I’ve been using the free version for over a decade (but did donate recently). A couple of domains have come and gone, so I’ve had to pick new ones, but it’s not a big deal.

this is what i did. a 10 CHAR domain of only numbers with .win

Use cloudflared and Cloudflare Zero Trust / Access. You tunnel your services to Cloudflare, who then secures them behind a 2FA wall. No traffic ever goes to anyone aside from you.

Isn’t this what VPNs were invented for?

Free domains such as .tk or .cf are scanned by various bots as soon as they are created. I remember when I created a domain and forwarded it to my server. The spam and attacks that subsequently hit my server were very high. Significantly higher than with a domain that I paid for.

I therefore strongly recommend staying away from these free domains.

Good luck with your project :)

If it is just for you and no one else you could set up something like twingate in place of a vpn or punching holes in your network. When im out of town or just need to access something internaly when im gone, as long as. I am connected to my twingate connector i have access the what i need. Its also super easy to granularly set access controls to only allow access to systems on specific ports etc. Took the headache of port forwarding, ipsec, and vpn and made it simple to manage and access what i need. Simply run the connector in docker and your all good. Heres the link if you wanna read up on it or try it out. link

Couldn’t you just get a regular domain and use a firewall to prevent access, so only your IP address(s) are able to access it.

I’m currently doing this myself, however I have a VPN on my local network that allows me access to my self-hosted service remotely as if I was at home.

There are other things you can do with cloudflare that will lock the sites down with authentication, but VPN and firewall have worked pretty well for my use cases.