I believe cloudflare has some sort of tunneling option but I’ve never really looked into it, it might get around that.

It is possible to use a dynamic DNS service. They’re typically pretty cheap. I did for several years. It kind of sucked so I rented a VPS.

Our setup uses a domain pointed at a dynamic (but stable) IP with a script to update it periodically

Could you use dynamic DNS? Pretty sure there are some free options.

If your home IP does not change often, you can use a dynamic DNS service. But your services will be unavailable from the time that your IP changes and the time the DNS record is updated and the cached responses expire.

If you already have a domain name and don’t want to switch to something else, know that some DNS registrar have an API to handle the domains. For a short period of time I had to rely on this and had a little python script to get my current IP and apply it to every A record in my DNS zone. It worked well (but then I took an arrow in the knee had static IP)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

[Thread #181 for this comm, first seen 18th Mar 2026, 09:30] [FAQ] [Full list] [Contact] [Source code]

I use OVH for all things DNS, TIL: they have a dynhost thing that will do all the DNS updating for you!

help.ovhcloud.com/csm/en-gb-dns-dynhost?id=kb_art…

If you’re self hosting you could even use github.com/qdm12/ddns-updater and skip a third-party service (if your registrar accepts dynamic entries)

I have dynamic dns address and a handful of CNAME records on my domains pointing on that dyndns-address so I can use ‘proper’ names with my services. When my public IP changes it takes a few minutes for the records to update, but it usually happens only when my router reboots so it’s been good enough for me.

Also I use two separate dyndns providers so there’s likely at least one working DNS entry to my network.

<img alt="" src="https://lemmy.wtf/pictrs/image/fa3cfe4f-665a-4c26-9012-0c17d9965bdd.gif">

I don’t have a static IP, and I just make sure to never ever let my DHCP lease expire. My ISP provides the same IP to the same MAC when renewing the lease. My longest streak on the same IP was three years.

As long as I always turn my router off by cutting the power, it won’t release the lease, so I keep my IP even through reboots. My last one didn’t release the lease at all, so it only ever got a new IP if it was off for over a day, or if I set a new MAC.

When my IP does change, I’ve configured my DNS record to only last an hour. So updating the domain to point to a new IP only takes an hour to update.

If you only need it to be accessible inside your home, then you just need to run your own DNS. Have your dhcp point at your DNS and your DNS declare itself the master for your domain.

To get full functionality, you’ll probably want to have your registrar point to the public IP you get from your ISP as the domain’s authoritative name server.You should be able to script it to update the registrar when your ISP changes your IP, but that usually happens infrequently enough to do manually. Obviously can’t do that if you’re behind CGNAT.

To get Lets Encrypt certificates, you can do the DNS challenge. If your ISP gives you a (even inconsistent) public IP, you can do fancy ‘views’ with your selfhosted DNS, where it responds with private IPs inside your network and your ISP-given IP outside your network. I have certbot set up to expose my DNS & web server just before it starts its renewal process, then close the firewall after. Once you have the certificate, you can move it to where ever it will actually be used.

You do not need a static IP address or dynamic DNS if your domain registrar provides a REST API. My current registrar is Porkbun and they have a REST API. I simply have a cron job that regularly checks if my public IP[^1] differs from the domain’s A-record. If it does, it updates the record to match the public IP address using their API.

[^1]: I use Porkbun’s ping endpoint to obtain my public IP. There are also alternatives such as Ipify.

I use this, Cloudflare zero trust. I run a connector (tunnel) named cloudflared on a raspberry pi which connects to cloudflare. The zerotrust tunnel configuration (in CF dashboard) lets me route http traffic into my local network by domain. The Application access policy in zero trust lets me secure it.

Your site saw more threats last month than the average site on Cloudflare. Here’s what that means:
The good news is that these threats were mitigated by Cloudflare with the basic web application firewall (WAF) and bot protection you have on the Free plan.
The bad news is that more complex and sophisticated cyber attacks may not be stopped by your current web application security posture.

I started with dynamic DNS on my home server, then moved to an encrypted tunnel. the issue with ddns is that your provider may block your ports. Mine eventually blocked 80, 443, and the wire guard port.

When I switched to tunnels, with cloudflare as my provider, there was nothing my provider could do about it.

So, I’d recommend tunnels since many providers don’t want residential users hosting servers.

I’ve had a domain with a dynamic up for over a year with no problems. I have a simple script that runs every 30mins to check if my IP has changed, then updates the DNS records when required.

i have a little program for dynamic dns running in docker that checks every few seconds for an IP change and swaps my DNS records if it gets rerolled.

works well on my home network, I can use my domain for all my private services local and remote through wireguard :)

Yes it’s possible. You can buy a domain name and then do literally nothing else if you want.

If it’s just for LAN use, you don’t even need to buy a domain name. You can use anything under the home.arpa, test, or internal TLDs. en.wikipedia.org/wiki/Special-use_domain_name

I’m late to the party, but could everyone answer me this- how often does you’re public IP actually change with any of your ISPs??

With the numerous companies I’ve used, the ONLY time I’ve ever seen my IP change is getting a new modem through, say, Comcast or whoever. It goes by MAC address, and if you use Comcast and then set to bridge mode and use your own device, that’s a new MAC so you’d get a new public IP. Swap ISPs obviously a new IP.

I’ve NEVER randomly received a new IP when using the same equipment consistently, so I’m not sure why everyone’s so worried about dynamic DNS stuff… Maybe outside the US is different? I’ve lived in a few States and it’s always the same. If you make a hardware change, just note you should also double check your IP and update it, that’s all.

I’ve been self hosting for 20 years with the same domain(s) and have never owned a static IP. Use a reliable DNS service with simple update tools (curl on a cron job for example).

I have a domain, but all I use it for so far is email (with an email provider, not my own mail server, hosted locally or otherwise). I’d still call that “usable,” though.

VPS with a public ip (which just takes all the fun out of selfhosting)

Why do you say this? My VPS only runs a reverse proxy and WireGuard, with all services hosted on my computers at home.

DynDNS is your friend.

You don’t have any great options but you do have some options. You’ll need dynamic DNS, which you can get for free by various providers. This will manage a “dynamic” DNS entry for your occasionally changing, non-static IP at home. The dynamic DNS entry won’t be on your own domain name, it will be on the provider’s domain name. But wait! That’s just step one.

You can still get your own, fully-functional domain name, and you can have all the domains and subdomains you want, and set them up however you want, with one important restriction: You can’t use IP addresses (because yours is dynamic, and changes all the time and you would have to be constantly updating your domain every time it does, and there would be delays and downtime while everything gets updated).

Instead, your personal domains have to use CNAME records. This substitutes the IP from a different domain INTO your domain. So you CNAME every entry on your own fancy domains to point at your dynamic DNS provider, which manages the dynamic part of the problem for you and always gives the real IP you need. Nobody sees the dynamic DNS name, it’s there, but it’s happening behind the scenes, they still see your fancy personalized domain names.

It’s still not going to be perfect, it won’t work well or at all for certain services like email hosting (self-hosting this is not for the faint of heart anyway) that are very strict about how their DNS and IP addresses need to be set up, but it will likely be good enough for 99% of the stuff you want to self-host.

It is very much possible to have a dynamic IP and a usable domain.

Both Cloudflare and desec.io (for example) have APIs that you can hit everytime your public IP changes.

I have a script that checks every minute whether my public IP has changed from the last check, and if it has, an API call will be sent.

With a scheme like this, your downtime will be minimal, if ever even noticed.

but a friend told me that to get one I either need a VPS with a public ip (which just takes all the fun out of selfhosting) or purchase a static ip

Neither of those are requirements. Just buy a domain at a registrar that allows you to dynamically update an IP address with a domain you have there. Look into DDNS update scripts and/or your own internet router, many routers have that feature built-in already.

I run a variety of self hosted things via my domain on a dynamic IP. I just have dynamic dns set up to check my current public IP periodically, and update the dns entry if it changes.

The VPS I rent from Ionos for tunneling is $2 a month just so you know it’s not a major amount of money.

You can use Netbird cloud’s reverseproxy to point your domain to a device on your wireguard mesh.

That way your home server can be under 3x NATs and dynamic IP and you’ll still be fine.

Later if you want to own the netbird you can self host it on a VPS if you’re willing to migrate all devices to your self hosted wireguard mesh.

My dynamic IP almost never changes. I’ve had 3 in the last 10 years. How often does yours change?

There’s also dynamic dns if yours changes often.

What are you asking? You can just buy a domain whenever you want. You can use it on your server without a VPS or static IP.

Are you asking us how to make your services reachable at that domain publicly over the internet?

What you’re looking for is called Dynamic DNS. I use Cloudflare for my DNS (which feels a little like making a deal with the devil) and Cloudflare-DDNS to automatically update my DNS records when my WAN IP changes. Basically, the container checks the current WAN IP, checks the current Cloudflare DNS records, and pushes a change if they don’t match. It runs every few minutes, and then rests again until the next check. I’m sure other DNS providers have similar ways to set up DDNS.

It’s not a 100% foolproof thing, because your WAN IP changing will take a few minutes to update. But a few minutes of downtime is much better IMO, when the alternative is needing to manually VPN into my server (if the VPN even still works, since the WAN IP changed), and troubleshoot it every time the IP address changes.

My dynamic IP rarely changes. When it does, it gets updated by a Docker favonia/cloudflare-ddns image. I have yet to notice downtime.

My ISP changes IP somewhere around once a month. I own a domain on porkbun and they offer a simple docker compose script that updates my records to a current IP.

I believe other domain selling platforms also have similar scripts or solutions.

You need static IP only if you want to host the autoritative DNS server for your domain (spoiler alert: you don’t).

You don’t need to proxy your traffic via VPS (higher latency for no good reason) and the dyndns providers are over priced.

What you need is:

• Buy your domain
• Use a free DNS provider (I used for years the excellent dns.he.net but it is a bit cumbersome. Nowadays I gave up and I now use cloudflare without any proxying, just pure DNS)
• Point your registrar to the dns provider
• use ddclient to update the IP of a domain entry (e.g. server.example.com)
• add as many CNAME as you want that point to that entry (so you can have stuff like Jellyfin.example.com www.example.com Nextcloud.example.com)

That’s all… ddclient will update that single dns entry every time your server restarts (or the IP lease expires and you get a new IP)

The only thing you need to pay here is the domain (you can get free domains but that is another story and tbh I would not recommend, there are cheap domains out of there)

I have the VPS setup, and it’s not bad at all, I pay 3.99 a month and it acts as a gateway into my network filtering any malicious ip by using crowdsec.

I use Pangolin reverse proxy, but you can also use netbird.

I prefer this because on top of the routing options it ads extra security and lets me share subdomains with friends and family without exposing my network to the internet

Sure, you can just use your home wifi. Some of them are static, and others don’t change really often, like once a month, so dyndns will work well. You could also use cloudflared that is a proxy you can use even if you can’t open your ports

Nobody else mentioned DuckDNS. It’s free and has worked great for me for years.

You’ll need to install a client that syncs/auto-updates your public IP, then pretty much never touch it again.

You might want to try out Tailscale. It’s a mesh network overlay that you can either share easily within your tailnet or out to the greater internet with funnel (sorta like cloudflare tunnels, but somewhat better at respecting privacy). It’s also possible to self host the controller, so you don’t have to depend on a third party.