VPN is the way to go. Could use this opportunity to upgrade your router. I bought a box from protectli and run OPNsense on it. There’s good documentation on how to set up a wireguard vpn, and the community is vibrant.

Its also nice because there’s lots of options so its a nice thing to grow and learn with.

Seriously as everyone suggests: use tailscale or another VPN. Tailscale is incredbly easy to setup.

Warning: tk domains registrar has 0 GDPR.

Might be irrelevant now, but I didn’t managed to delete my data once I wanted out

ZeroTeir (or a VPN) - if all you want is to access those services from outside your network

IMO - the only reason to put something “on the internet” is so that the entire “internet” can access it

Getting an obscure domain name doesn’t matter as attackers go straight to the IP address. If you have a certificate on your secret domain name, they have your domain the moment they hit port 443.

Don’t use “security through obscurity”; instead just secure your services or host a VPN.

If you go with a cert try to get a star cert that way you make it a little bit harder for hackers to find your subdomains.

This is my policy: For publicly accessible services like a website, I use a cloudflare tunnel. For restricted access to just a few users, I use a cloudflare tunnel and a cloudflare application to manage access authentication. For my exclusive restricted access to the infrastructure, I used tailscale.

Try using Tailscale. It’s easy to use & free for personal use. It will only allow devices with Tailscale installed to view your self-hosted services. They have clients for mobile devices, PC’s, Mac’s and even Apple TV etc. Their technology is based on Wireguard so it’s very fast and secure.

https://tailscale.com/

Use tailscale

Couldn’t you just get a regular domain and use a firewall to prevent access, so only your IP address(s) are able to access it.

I’m currently doing this myself, however I have a VPN on my local network that allows me access to my self-hosted service remotely as if I was at home.

There are other things you can do with cloudflare that will lock the sites down with authentication, but VPN and firewall have worked pretty well for my use cases.

If it is just for you and no one else you could set up something like twingate in place of a vpn or punching holes in your network. When im out of town or just need to access something internaly when im gone, as long as. I am connected to my twingate connector i have access the what i need. Its also super easy to granularly set access controls to only allow access to systems on specific ports etc. Took the headache of port forwarding, ipsec, and vpn and made it simple to manage and access what i need. Simply run the connector in docker and your all good. Heres the link if you wanna read up on it or try it out. link

6 to 9 digit .xyz domains are only around $1 a year, every year. That’s what I did and definitely recommend it. You can read more here.

Free domains such as .tk or .cf are scanned by various bots as soon as they are created. I remember when I created a domain and forwarded it to my server. The spam and attacks that subsequently hit my server were very high. Significantly higher than with a domain that I paid for.

I therefore strongly recommend staying away from these free domains.

Good luck with your project :)

Use cloudflared and Cloudflare Zero Trust / Access. You tunnel your services to Cloudflare, who then secures them behind a 2FA wall. No traffic ever goes to anyone aside from you.

this is what i did. a 10 CHAR domain of only numbers with .win