VPN is the way to go. Could use this opportunity to upgrade your router. I bought a box from protectli and run OPNsense on it. There’s good documentation on how to set up a wireguard vpn, and the community is vibrant.

Its also nice because there’s lots of options so its a nice thing to grow and learn with.

• install opnsense
• set up geoip block where only IPs from your own country can ever initiate connection from the outside
• keep your stuff up to date
• enjoy security

Try using Tailscale. It’s easy to use & free for personal use. It will only allow devices with Tailscale installed to view your self-hosted services. They have clients for mobile devices, PC’s, Mac’s and even Apple TV etc. Their technology is based on Wireguard so it’s very fast and secure.

https://tailscale.com/

This is my policy: For publicly accessible services like a website, I use a cloudflare tunnel. For restricted access to just a few users, I use a cloudflare tunnel and a cloudflare application to manage access authentication. For my exclusive restricted access to the infrastructure, I used tailscale.

ZeroTeir (or a VPN) - if all you want is to access those services from outside your network

IMO - the only reason to put something “on the internet” is so that the entire “internet” can access it

6 to 9 digit .xyz domains are only around $1 a year, every year. That’s what I did and definitely recommend it. You can read more here.

If you go with a cert try to get a star cert that way you make it a little bit harder for hackers to find your subdomains.

Warning: tk domains registrar has 0 GDPR.

Might be irrelevant now, but I didn’t managed to delete my data once I wanted out

Getting an obscure domain name doesn’t matter as attackers go straight to the IP address. If you have a certificate on your secret domain name, they have your domain the moment they hit port 443.

Don’t use “security through obscurity”; instead just secure your services or host a VPN.

Seriously as everyone suggests: use tailscale or another VPN. Tailscale is incredbly easy to setup.

Crazy number domain doesn’t provide any security but you can buy a 1.111B class .XYZ domain for as cheap as 0,62USD a year

Use tailscale

VPN would be the quick and dirty

If it’s just select items, an service like azure app proxy maybe

You could use Zerotier. With zerotier you can create a private network between your server and as many as 24 other devices (i.e your phone, your laptop…)

It doesn’t expose your stuff to the whole internet. You have to manually approve the devices you want to add to the private network through zerotier website. Even if you share the links with other people, they will simply not work

I just did this for my Raspberry pi, and now pihole filters my internet traffic even when I’m away.

Seriously, look it up, it’s free up to 25 connections and since it’s private you don’t need to go crazy about protecting your server from DDoS or buying a domain name or anything.

Free domains such as .tk or .cf are scanned by various bots as soon as they are created. I remember when I created a domain and forwarded it to my server. The spam and attacks that subsequently hit my server were very high. Significantly higher than with a domain that I paid for.

I therefore strongly recommend staying away from these free domains.

Good luck with your project :)