Depending on what you are trying to do, there are several approaches that you can choose.
Personally, I use Tailscale on my home network, and as a backup I set up a VPS + domain name behind Cloudflare protection with reverse proxy connected thru Tailscale back to my home server so i can access my home server from any browser.
Based on your use case, you can choose whatever suits you best. Here’s a quote from one of Reddit user in r/selfhosted sub reddit named inportb:
Tailscale and reverse proxy are completely different tools that have some overlap of functionality (access stuff remotely). You don’t have to choose… if you need both, you could have both.
You have services on your network that you want to expose to the internet? Set up port forwarding on your router.
You have services on your network that you want to expose to the internet but your IP address keeps changing? Set up port forwarding and dynamic DNS.
You have web (read: HTTP) services on your network that you want to expose to the internet but don’t have a publicly routable IP or your ISP blocks your desired ports? Try Cloudflare Tunnel (or DIY with a publicly-accessible VPS).
You have multiple web services that you want to expose to the internet through the same port? Use a reverse proxy and forward that port to the reverse proxy.
You have multiple web services that you want to expose to the internet but you only want to set up SSL/TLS once? Use a reverse proxy and terminate the SSL/TLS at the reverse proxy.
You have services on your network that you want to access remotely but not expose to the internet? Use SSH tunneling (ssh -L
).
You want to access your entire network (arbitrary hosts and ports) remotely but not expose your entire network to the internet? SSH works but VPN is better; try OpenVPN. Edit: try WireGuard, because it’s waaaay better 🙂
You want to bridge multiple networks so they work together as a single virtual network? Use a VPN.
You want to bridge multiple networks but don’t want to bottleneck all your traffic through a single server? Try Tinc VPN for some decentralized mesh action.
You like Tailscale but want something faster that you could host yourself? Try Netmaker.
You want a mesh VPN but want easier discovery and key distribution? Try ZeroTier, Tailscale, etc.
You want to access region-locked web content without physically moving? Use a forward proxy hosted in the desired region.
You like Tailscale but want to host it yourself? Try Headscale.
You want to access region-locked content that might not be HTTP? Use a SOCKS proxy hosted in the desired region.
You want a SOCKS proxy but you want to encrypt all traffic between you and the proxy? Use SSH as a SOCKS5 proxy (ssh -D
).
You want to access region-locked content but your client doesn’t know how to use proxy servers? Use a VPN hosted in the desired region, but route your internet-bound traffic through the VPN (remember to make an exception for the VPN server itself).
You want to access region-locked content in multiple regions but don’t want to manage multiple VPNs? Have someone else do it for you; try Mullvad, NordVPN, Windscribe, PIA, etc (I don’t work for any of these; do your own research and take your pick).