1
99:59:59,999 --> 99:59:59,999
Hi everyone, welcome back

2
99:59:59,999 --> 99:59:59,999
So today we're going to try something a little bit different

3
99:59:59,999 --> 99:59:59,999
We're gonna start a new video series

4
99:59:59,999 --> 99:59:59,999
about all the different ways to expose or access our homelab

5
99:59:59,999 --> 99:59:59,999
from the internet

6
99:59:59,999 --> 99:59:59,999
The reason is mainly because there's tons of options out there.

7
99:59:59,999 --> 99:59:59,999
and i feel like it's not talked enough about on YouTube

8
99:59:59,999 --> 99:59:59,999
Especially the security part

9
99:59:59,999 --> 99:59:59,999
which is most important

10
99:59:59,999 --> 99:59:59,999
almost everyone just assumes it's secure which isn't always the case

11
99:59:59,999 --> 99:59:59,999
so make sure to hit the like button

12
99:59:59,999 --> 99:59:59,999
subscribe

13
99:59:59,999 --> 99:59:59,999
and let's get started

14
99:59:59,999 --> 99:59:59,999
okay so how to do it

15
99:59:59,999 --> 99:59:59,999
to expose our homelab there are five main ways

16
99:59:59,999 --> 99:59:59,999
1. Secure Tunnels like Cloudflare

17
99:59:59,999 --> 99:59:59,999
2. Reverse proxies like Nginx

18
99:59:59,999 --> 99:59:59,999
3. Traditional VPNs like Wireguard or OpenVPN

19
99:59:59,999 --> 99:59:59,999
4. Mesh VPNs like ZeroTrust and Tailscale

20
99:59:59,999 --> 99:59:59,999
and lastly the old classic port forwarding or NAT

21
99:59:59,999 --> 99:59:59,999
So let's break down each one of them quickly to understand the differences

22
99:59:59,999 --> 99:59:59,999
first secure tunnels like Cloudflare

23
99:59:59,999 --> 99:59:59,999
This is often defined as secure tunnels to access your app without exposing your IP address

24
99:59:59,999 --> 99:59:59,999
making remote access easy

25
99:59:59,999 --> 99:59:59,999
it's also fairly easy to setup

26
99:59:59,999 --> 99:59:59,999
however, by default it's not secured enough

27
99:59:59,999 --> 99:59:59,999
and solely reling on your app security

28
99:59:59,999 --> 99:59:59,999
but this can be improved

29
99:59:59,999 --> 99:59:59,999
we'll cover this later in another video

30
99:59:59,999 --> 99:59:59,999
next reverse proxies

31
99:59:59,999 --> 99:59:59,999
like nginx

32
99:59:59,999 --> 99:59:59,999
it's a server that sits in the middle and forward requests to your homelab

33
99:59:59,999 --> 99:59:59,999
helping you manage multiple services under one domain

34
99:59:59,999 --> 99:59:59,999
while adding another layer of protection

35
99:59:59,999 --> 99:59:59,999
you will have more control over your services

36
99:59:59,999 --> 99:59:59,999
and how to manage them

37
99:59:59,999 --> 99:59:59,999
however, it exposes your IP and you must open a port on your router to access it

38
99:59:59,999 --> 99:59:59,999
next, traditional VPNs like Wireguard or OpenVPN

39
99:59:59,999 --> 99:59:59,999
it created an encrypted tunnel between your device and

40
99:59:59,999 --> 99:59:59,999
your home lab

41
99:59:59,999 --> 99:59:59,999
making it feel like you are on the same local network

42
99:59:59,999 --> 99:59:59,999
it's good for privacy and security

43
99:59:59,999 --> 99:59:59,999
but only useful when you are the only user because

44
99:59:59,999 --> 99:59:59,999
it's impossible to share access without sharing your private key

45
99:59:59,999 --> 99:59:59,999
to other users

46
99:59:59,999 --> 99:59:59,999
next, mesh VPNs

47
99:59:59,999 --> 99:59:59,999
like ZeroTier or Tailscale

48
99:59:59,999 --> 99:59:59,999
this is similar to normal VPns except it connects devices between each other

49
99:59:59,999 --> 99:59:59,999
instead of connecting them to a central server

50
99:59:59,999 --> 99:59:59,999
it has more control over normal VPNs in the way that you can choose which devices to share

51
99:59:59,999 --> 99:59:59,999
but you must manually join the network

52
99:59:59,999 --> 99:59:59,999
each time for each devices you want to give access to

53
99:59:59,999 --> 99:59:59,999
finally NAT this is a classic way of opening specific ports on your router

54
99:59:59,999 --> 99:59:59,999
to expose your homelab

55
99:59:59,999 --> 99:59:59,999
it's simplicity also carries high security risk if you rely on it alone.

56
99:59:59,999 --> 99:59:59,999
keep in mind NAT often gets used with other

57
99:59:59,999 --> 99:59:59,999
methods like previously showed

58
99:59:59,999 --> 99:59:59,999
but going purely [on it's own] port forwarding is a no-go for security setups

59
99:59:59,999 --> 99:59:59,999
Now, you may be wondering,

60
99:59:59,999 --> 99:59:59,999
What's the most secure setup?

61
99:59:59,999 --> 99:59:59,999
to expose your home lab?

62
99:59:59,999 --> 99:59:59,999
Actually,