My unnecessarily convoluted self-hosting scheme
August 16, 2025 @ 00:36
A little while ago I learned what SSH reverse-tunnelling is and instantly had what I thought was an epiphany. I host a few services for myself. Namely, Memos, which I've talked about before, and Linkding (though I was using Slash instead of Linkding for a while). I wanted to be able to host these services on a Raspberry Pi at home here, but my dad refuses to let me poke holes in our network security for some reason. No fun. SSH reverse-tunnelling is basically using SSH to forward a connection from one port on one device, to a different port on another device. I realized I could host these services on my home network and tunnel them to another computer running Caddy, which then proxies those ports and keeps my home network relatively hidden. I decided to draw up a diagram that ended up looking something like this:

I thought this would be a fun experiment, and something I could try to figure out to see how good my technical skills are, so I decided to go for it. In order to have it work, I need a local computer, as well as the remote one, so I went with DigitalOcean's cheapest plan for the remote and a Raspberry Pi 3B+ at home.
The setup went pretty well overall. I tried to make the firewall as strict as possible, only allowing SSH from my home network and certain ports for web traffic. I also used a systemd service I only kinda understand to make sure it was constantly running the tunnel, and it could be stopped easily if there was a horrible security flaw somewhere. It ran well for a while, ignoring the annoying yellow flickering light the Pi has that gets really obnoxious at night. That was until I wanted to add something else.
I wanted to set up FreshRSS so that I could have my RSS feeds sync across both my phone with NetNewsWire, and my desktop with RSS Guard. I added FreshRSS to my docker-compose.yml, made a service, and... it didn't work. I'm not even sure why, but it just wouldn't let me make another connection. My assumption was that SSH maxed out at 2 connections from a device, but that doesn't seem to be true from what I can tell. Whatever the reason, I realized something. I wanted to do this to allow me to host heavier apps for myself, but I was hosting the exact same things I was previously hosting on DigitalOcean entirely out of fear of putting too much onto the Pi. There was no reason to do this whatsoever.
A few days ago I decided to pack that all up and pay off the DigitalOcean server, deciding to move everything over to Kamatera since they seem to give a better deal, and now I finally have my FreshRSS instance. It also runs faster, which is NOT surprising considering it's not taking requests and passing them back to another device on semi-alright wifi. Regardless of the actual utility of this, it was still fun to do. Though I am glad that STUPID flickery light is gone.
Also, if you're interested, this is my docker-compose.yml I made by cramming all the example ones together, and I just have a simple Caddy setup on my personal domain.
services:
  memos:
    image: neosmemo/memos:stable
    container_name: memos
    volumes:
      - ~/memos/:/var/opt/memos
    ports:
      - 5230:5230
    restart: unless-stopped
  linkding:
    container_name: "${LD_CONTAINER_NAME:-linkding}"
    image: sissbruecker/linkding:latest
    ports:
      - "${LD_HOST_PORT:-9090}:9090"
    volumes:
      - ~/linkding:/etc/linkding/data
    env_file:
      - .linkding-env
    restart: unless-stopped
  freshrss:
    image: lscr.io/linuxserver/freshrss:latest
    container_name: freshrss
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/Regina
    volumes:
      - ~/rss:/config
    ports:
      - 5231:80
    restart: unless-stopped
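For the reverse-tunnel version of this setup, one way to carry all three published ports over a single SSH connection kept alive by systemd is sketched below. This is an added example, not the configuration used in the post: the account and host tunnel@vps.example.com, the /usr/bin/ssh path and the unit layout are assumptions.

```bash
#!/usr/bin/env bash
# Added example: one ssh process reverse-forwards several service ports
# from the home machine to loopback on the remote proxy host.
REMOTE="${REMOTE:-tunnel@vps.example.com}"   # placeholder account and host

# valid_port PORT -> succeeds if PORT is an integer in 1..65535
valid_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# tunnel_cmd PORT... -> prints the ssh command line, fails on a bad port
tunnel_cmd() {
  [ "$#" -gt 0 ] || { echo "usage: tunnel_cmd PORT..." >&2; return 2; }
  local p cmd="ssh -N -T -o ExitOnForwardFailure=yes"
  cmd="$cmd -o ServerAliveInterval=30 -o ServerAliveCountMax=3"
  for p in "$@"; do
    valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    # Bind the remote end to 127.0.0.1 so only the proxy on that host
    # (Caddy in the post) can reach it, never the public interface.
    cmd="$cmd -R 127.0.0.1:$p:127.0.0.1:$p"
  done
  printf '%s %s\n' "$cmd" "$REMOTE"
}

# tunnel_unit PORT... -> prints a systemd unit that keeps the tunnel up.
# ExitOnForwardFailure makes ssh exit if any forward cannot be bound, so
# Restart=always retries instead of leaving a half-working tunnel.
tunnel_unit() {
  local cmd
  cmd="$(tunnel_cmd "$@")" || return 1
  cat <<EOF
[Unit]
Description=Reverse SSH tunnel to remote proxy
After=network-online.target
Wants=network-online.target

[Service]
ExecStart=/usr/bin/$cmd
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target
EOF
}

# Host ports published by the docker-compose.yml above.
tunnel_unit 5230 9090 5231
```

The unit assumes key-based authentication for the account it runs as; add a User= line so ssh does not run as root.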
Anyway that's all for now, goodbye :3