My self-hosting experience is primarily with Plex and qBittorrent, but I’m trying to get a digital library set up that will be available remotely. I’ve been reading about some options, but I’m not sure about what is best to use or how to deploy it.
What is the best way to make Kavita available to remote users safely from a home server?
You’ll have to strike a balance between security and ease. Your two major options are reverse proxy and VPN (Tailscale is one option for VPN)
For reverse proxy, you functionally open the app to the internet. Anyone with the correct web address can access the login page. This is inherently less secure than VPN, but not irresponsibly so. Beyond the reverse proxy itself, you’ll also have to learn how to configure an HTTPS certificate to increase security since it will be open to the internet.
For VPN, every user you want to be able to access the service has to be tied into the VPN and have the VPN running throughout their access. Tailscale is arguably the easiest way to configure a VPN right now, as you won’t have to manually deal with VPN configuration files for every device. VPN use will functionally make it like you’re on your home network. VPN access to your network should not be given to tons of people if at all possible.
Tailscale also has the funnel option to open up a single service to the outside world without needing a reverse proxy and has its own ssl certificates
This is what I’m looking for! Would I basically pay for a remote server that bounces the signal through Tailscale securely?
Note that Tailscale does not give other users access to your entire home network but just specific machines and you need to explicitly share those machines.
This is exactly what I need. I’m only trying to open one service in one container to the outside world.
These are good suggestions. I’ve heard very good things about zerotier, tailscale, and a couple of open source alternatives that let you run your own coordination server on a static IP.
Point of clarification, a good VPN product gives ACL options that can restrict the tunneled traffic to specific hosts. You doing have to give remote VPN users access to an entire network.
Between these two options, the consequences of doing it wrong might be a little higher when you open up public access like proxy. A little less risk doing VPN or overlay remote access like tailscale.