Difficulty: Intermediate to High
Have you ever wanted to host a website or other web service without exposing your home IP address or paying for a gigantic VPS (Virtual Private Server)? While VPSs tend to be rather generous on bandwidth they tend to be rather stingy on storage space and general compute power. If I want the VPS with 500GB of storage space to host a clearnet Bitcoin node, I’m going to have to pay a pretty high reoccurring fee. I’m going to explain a method which leverages Firewalld and Wireguard VPN to allow public hosting with a very modestly priced VPS. With this method you’ll be able to leverage your existing home storage and compute resources to do the heavy lifting on your home network while getting the benefit making your application public without exposing your home IP address. This solution will work even if you are stuck behind the dreaded Carrier Grade NAT.
The idea is that you’ll actually run your service from your home network but through the magic of VPN and NAT (Network Address Translation) technology the service can be made available on the public internet. I run a VM (Virtual Machine) host via KVM at my home but this should work equally well with a Raspberry Pi or similar less powerful computer. I would consider this deployment to be of intermediate to high level difficulty depending on your knowledge of Linux and general networking. For this example I’m going to make my BTCPay Server, which I run on my local network, publicly available on the IPv4 internet. I’ll do this without needing an expensive VPS with enough storage for a full Bitcoin node or without exposing my home IP address. See the image above for a high-level overview of what we’ll be configuring.