I’m looking into setting up Mastodon instance for myself on a very minimal cloud server. To save resources on that box, I’d like to run the web interface on my own server at home, and only have the Mastodon backend running on the VPS. Is it possible to completely get rid of the web interface and only access the instance through the API? What’s the best way to achieve this? Does anyone have experience with this, or do you know any useful resources?
Host on your home server with a Cloudflare tunnel. Cloudflare has a free tier that would suit your needs. It doesn’t rely on static IP addresses, deals with all of the ssh certs, and won’t expose your home IP address from incoming requests.
The backend workers make requests to other servers which would expose the IP address of those requests. You could use a VPN for the backend workers to protect those requests. But it’s this really a concern? What risk vector are you protecting yourself from? Don’t rely on security by obscurity. And even if a bad actor did get your IP address, you could just reboot your home router and get a new one.
I think you’re over engineering a solution for unlikely risk vectors.
If you were using a hybrid approach you would need a solid networking solution between your VPS and home server. Tailscale makes that easy. The shared resources like reddis, postgres, S3 hosting, etc can all be on servers running Tailscale and will appear as local servers. You can solve this with your own VPN but Tailscale is solid and deals with non static IP addresses.
Tl;Dr, host at home, use Cloudflare, and don’t worry about using a VPS (unless you need a high level of up time and have flaky Internet or power at home).