https web services as VPN alternative: access to the network

For a long time I used a VPN (Virtual Private Network) to access the home network from the Internet. And for along time I thought that a VPN was without alternative for accessing data or devices on one's own network. The VPN allows a connection from the Internet to the own network (LAN), just as if the device would be in the WLAN at home. But do I really need access to the entire network? Wouldn't it be better to enable only certain services? What do I need from my own network on the road? Access to the PC at home? To files on the NAS? To the SmartHome? Nothing at all?

The cloud simply works

Today, the majority of users have no need to access their own network or PC while on the road. Those who entrust their data to a cloud provider such as Google or Apple can access it at any time via the Internet. Even certain devices, such as a surveillance camera, the robot vacuum cleaner, current NAS systems or other smart home solutions usually offer a connection to a cloud service, usually controlled via their own app. Devices that are accessible from the Internet in their own network via a cloud provider establish an outgoing connection to the cloud provider. The associated app on the smartphone also establishes a connection to the cloud service, which controls both connections and thus also enables access to the user's own network, among other things. Especially those who are not very concerned with the topic will find simple solutions in the cloud. However, the cloud is a collection of different providers and their web services hosted on the Internet. Accordingly, the cloud is about many different isolated solutions. The largest providers for such isolated solutions are the well-known providers: Microsoft, Google, Apple and Amazon. Even if their services are not or only partially compatible with each other, they have at least one thing in common: the providers want to earn money with their services. The only alternative is to store the data at home. But what about all the conveniences that the cloud brings us? How can the data be accessed at home with a simple browser or app?

Better than VPN and more independent than the cloud: your own private web services.

I do have a VPN in use, but I hardly need it anymore. Not because I have hosted my data with a cloud provider, the reason is rather that I have published corresponding web services securely with HTTPS on the Internet for all relevant data, completely without a cloud provider. I am not an opponent of cloud services; on the contrary, I also use cloud services for certain devices, such as my vacuum robot. However, all my documents and photos are on my own server, provided by a local Nextcloud instance. For SmartHome, I also rely on an open source solution that runs entirely at home, see: Home Assistant Docker Conbee 2 and Zigbee2MQTT / deCONZ. The services are accessible via a normal URL over the Internet, much like a cloud provider, which provides a very similar convenience. To ensure that access is also secure, I used the Let's Encrypt reverse proxy Traefik. The call is encrypted and directly to the shared services. In comparison, a VPN would connect the entire network and also allow access to devices enable which are not needed.

Security VPN vs. HTTPS web services

If HTTPS and up-to-date encryption is used for a web service, the connection is considered secure. Security depends less on the transmission and more on the individual services: How their authentication is implemented. In addition to using passwords that are as secure as possible, MFA authentication (multifactor authentication), i.e., a 2nd factor for logging in, should be set up in the web service. Many web services offer MFA via an authenticator app on the cell phone. If the service does not offer MFA, or if you don't trust the service itself, you can set up an additional login via Traefik. This means that a connection to the web service only takes place after logging in to the reverse proxy. In addition to a username with associated password, other login providers can also be used for login. As an example, see: Traefik Google authentication. For the web service itself, a login is optionally required again.

Is a VPN the wrong way?

I don't want to claim now that a VPN is basically the wrong way, rather a large part of the access could be made available without a VPN, much more comfortable and granular: if necessary also for others. As an example, the last vacation photos could simply be shared via the private cloud. For certain people also with write access, which allows the files to be stored on specific folders. At this point, the available storage space is purely limited by the hard disk capacity of the private cloud. There are also dedicated smartphone apps for certain web services, which makes the user experience similar to that of a real cloud service. Access to a device in one's own network could look concretely as follows:

"Only" publish certain web services, not the entire network.

Those who run their own server at home can use it to release individual services, here in the form of Docker containers. In detail, access could be made via a public domain name (DNS) to the services of a mini-PC:


  1. URL for access to own web services: Own domain/DNS or: free DynDNS service - access with changing public IP.
  2. Access to own network at home: make available from the Internet: port forwarding - OpenWRT
  3. Hardware: Build NAS yourself: flexible, low power and cheap [HowTo] or MiniPC as server
  4. Operating system (OS) and Docker installation: installing Ubuntu Server and Docker - Snap vs. Apt
  5. Access via https:// including Let's Encrypt certificates: secure https connection: Traefik Reverse Proxy + Let's Encrypt
  6. Examples of self-hosted and web published web services:


With or without VPN: First, the data must be provided by a certain device in the own network. A normal PC is only suitable to a limited extent, since it would have to be switched on at the time of access or, if it were to run constantly, would consume a relatively large amount of power. There is also the question of how the data can be made available. One possible solution is a dedicated hardware, in the form of a . A mini-PC requires relatively little power and enables the use of certain web services. Private web services provide a similar level of convenience as corresponding cloud services from the well-known providers, and: dial-in via VPN is not required.

positive Bewertung({{pro_count}})
Rate Post:
{{percentage}} % positive
negative Bewertung({{con_count}})

THANK YOU for your review!

Publication: 2023-02-20 from Bernhard | Übersetzung Deutsch |🔔

Top articles in this section

Ping with Port | cmd vs. PowerShell: Test-Netconnection

As is well known, the tool ping can be used to test the access to a certain network device and its response time. Not all devices will respond to a ping, but they may respond to a particular Tcp-Port if a particular network service is provided through it. Windows PowerShell allows you to test a specific port using Windows board tools. The psping tool can also measure the response time to a specific port.

[DIY] Build your own low power NAS: cheap and energy-efficient

If you are looking for a NAS (Network Attached Storage) for home use, you cannot avoid the manufacturers Synology and QNAP. Both manufacturers deliver small NAS complete solutions with the option to synchronize data locally or via the Internet, and both do not exactly charge little money for the hardware used.

OpenWRT hardware recommendation - available devices 2023

OpenWRT provides a uniform and up-to-date software for different network devices like routers or access points and delivers countless additional setting options, software packages and functions. This makes it possible to combine new and old devices from different manufacturers and, among other things, to use low-cost hardware in a common WiFi, see: Setting up a home network: Extending LAN and WLAN | Improving.

Questions / Comments

By continuing to browse the site, you agree to our use of cookies. More Details