Hi GNN,
Good morning and thanks for the clear write-up 
You got everything quite right, just a few lines missing between the ādotsā.
Good reasons for using a VPS, I think. Nice that you got started on the whole self-hosting adventure
Correct!
ā¦ on each side of the tunnel. Wireguard does not really have a server-program and a client-version; it is a single executable that has both roles, depending on the situation. Itās peer to peer. If one side (Yunohost) is inside your LAN, and you want to have it available on the Internet, you still need some service running Wireguard on the internet.
Yes, it is. Also. You could run everything on a VPS, but it would mean a very small installation or an expensive server, and still not with your data at home.
In this case, you would only run Wireguard on the VPS, which routes all traffic to your actual server. A VPS to run Wireguard hardly needs any resources; if you can find a VPS with 2 GB of storage and 128 MB of RAM, it is more than enough.
Lowest prices can be found on sites such as https://lowend-deals.xbit.win ; I hang around at lowendspirit.com from time to time to see if there are any (recurring) deals and get an impression of the quality/reliability of the provider (make an account there to see exclusive offers as well).
Things to look for in an offer:
- Is the price recurring (or only the first month/year) ?
- Is an IPv4 included? Without will work mostly, but in some cases people would be unable to connect. IPv6 should also be included, else people without IPv4 wonāt be able to connect. A single IPv4 costs about 1-2 Euro in small volumes, so for small VPSās a large part of the price is just for the IP.
- Where is the VPS hosted? If the sun just rose in your place, a VPS in Singapore will make things slower because all traffic has to go there first (or you just got out of bed very late)
Yunohost is a manamement layer on top of plain Debian (version 11, Bullseye, as of now). Anything that runs on Debian, runs under Yunohost. If things break on your Yunohost, and it is not Yunohost specific (such as the web interface, or diagnosis not working, or some such), finding a solution for Debian will mostly help you solve the problem on your Yunohost. That being said: with the Wireguard apps being available, thereās no need to apt search an alternative.
Next steps?
- Get a small VPS
- I see Hizakura is less than 10 Euro/year; I have no servers with them, but they seem to be in good standing.
- I have multiple servers with Inceptionhosting.com; their VPSās are priced a bit steeper without special offers, but I have never had an issue in over ten years.
- Without IPv4 you can get a so-called āNAT VPSā, which runs from about 3 euro/year (I have a ābundleā from gullo.me, to run asā¦ VPNās
)
- install Wireguard on the VPS
- I run Debian on nearly everything, and use a oneliner-script that was offered on lowendspirit to install Wireguard
- Point your DNS to the IP(s) of your VPS
- Configure traffic forwarding, see rungeardās post
- Configure your Yunohost to use Wireguard on the VPS for traffic.
- consider that without extra configuration, all traffic to your Yunohost will go via the VPN, also photo synchronisation from your phone in the LAN to your Nextcloud installation and the from your Jellyfin installation to your mediaplayer.
- Make notes how you got things up and running. In case you want to switch VPS provider, it will come in handy!
Give a shout when you got stuck. Good luck!
(edit: added the point āconfigure traffic forwardingā)