WEBVTT 99:59:59.999 --> 99:59:59.999 Hi everyone, welcome back 99:59:59.999 --> 99:59:59.999 So today we're going to try something a little bit different 99:59:59.999 --> 99:59:59.999 We're gonna start a new video series 99:59:59.999 --> 99:59:59.999 about all the different ways to expose or access our homelab 99:59:59.999 --> 99:59:59.999 from the internet 99:59:59.999 --> 99:59:59.999 The reason is mainly because there's tons of options out there. 99:59:59.999 --> 99:59:59.999 and i feel like it's not talked enough about on YouTube 99:59:59.999 --> 99:59:59.999 Especially the security part 99:59:59.999 --> 99:59:59.999 which is most important 99:59:59.999 --> 99:59:59.999 almost everyone just assumes it's secure which isn't always the case 99:59:59.999 --> 99:59:59.999 so make sure to hit the like button 99:59:59.999 --> 99:59:59.999 subscribe 99:59:59.999 --> 99:59:59.999 and let's get started 99:59:59.999 --> 99:59:59.999 okay so how to do it 99:59:59.999 --> 99:59:59.999 to expose our homelab there are five main ways 99:59:59.999 --> 99:59:59.999 1. Secure Tunnels like Cloudflare 99:59:59.999 --> 99:59:59.999 2. Reverse proxies like Nginx 99:59:59.999 --> 99:59:59.999 3. Traditional VPNs like Wireguard or OpenVPN 99:59:59.999 --> 99:59:59.999 4. Mesh VPNs like ZeroTrust and Tailscale 99:59:59.999 --> 99:59:59.999 and lastly the old classic port forwarding or NAT 99:59:59.999 --> 99:59:59.999 So let's break down each one of them quickly to understand the differences 99:59:59.999 --> 99:59:59.999 first secure tunnels like Cloudflare 99:59:59.999 --> 99:59:59.999 This is often defined as secure tunnels to access your app without exposing your IP address 99:59:59.999 --> 99:59:59.999 making remote access easy 99:59:59.999 --> 99:59:59.999 it's also fairly easy to setup 99:59:59.999 --> 99:59:59.999 however, by default it's not secured enough 99:59:59.999 --> 99:59:59.999 and solely reling on your app security 99:59:59.999 --> 99:59:59.999 but this can be improved 99:59:59.999 --> 99:59:59.999 we'll cover this later in another video 99:59:59.999 --> 99:59:59.999 next reverse proxies 99:59:59.999 --> 99:59:59.999 like nginx 99:59:59.999 --> 99:59:59.999 it's a server that sits in the middle and forward requests to your homelab 99:59:59.999 --> 99:59:59.999 helping you manage multiple services under one domain 99:59:59.999 --> 99:59:59.999 while adding another layer of protection 99:59:59.999 --> 99:59:59.999 you will have more control over your services 99:59:59.999 --> 99:59:59.999 and how to manage them 99:59:59.999 --> 99:59:59.999 however, it exposes your IP and you must open a port on your router to access it 99:59:59.999 --> 99:59:59.999 next, traditional VPNs like Wireguard or OpenVPN 99:59:59.999 --> 99:59:59.999 it created an encrypted tunnel between your device and 99:59:59.999 --> 99:59:59.999 your home lab 99:59:59.999 --> 99:59:59.999 making it feel like you are on the same local network 99:59:59.999 --> 99:59:59.999 it's good for privacy and security 99:59:59.999 --> 99:59:59.999 but only useful when you are the only user because 99:59:59.999 --> 99:59:59.999 it's impossible to share access without sharing your private key 99:59:59.999 --> 99:59:59.999 to other users 99:59:59.999 --> 99:59:59.999 next, mesh VPNs 99:59:59.999 --> 99:59:59.999 like ZeroTier or Tailscale 99:59:59.999 --> 99:59:59.999 this is similar to normal VPns except it connects devices between each other 99:59:59.999 --> 99:59:59.999 instead of connecting them to a central server 99:59:59.999 --> 99:59:59.999 it has more control over normal VPNs in the way that you can choose which devices to share 99:59:59.999 --> 99:59:59.999 but you must manually join the network 99:59:59.999 --> 99:59:59.999 each time for each devices you want to give access to 99:59:59.999 --> 99:59:59.999 finally NAT this is a classic way of opening specific ports on your router 99:59:59.999 --> 99:59:59.999 to expose your homelab 99:59:59.999 --> 99:59:59.999 it's simplicity also carries high security risk if you rely on it alone. 99:59:59.999 --> 99:59:59.999 keep in mind NAT often gets used with other 99:59:59.999 --> 99:59:59.999 methods like previously showed 99:59:59.999 --> 99:59:59.999 but going purely [on it's own] port forwarding is a no-go for security setups 99:59:59.999 --> 99:59:59.999 Now, you may be wondering, 99:59:59.999 --> 99:59:59.999 What's the most secure setup? NOTE Paragraph 99:59:59.999 --> 99:59:59.999 to expose your home lab? 99:59:59.999 --> 99:59:59.999 Actually,