9:59:59.000,9:59:59.000 Hi everyone, welcome back
9:59:59.000,9:59:59.000 So today we're going to try something a little bit different
9:59:59.000,9:59:59.000 We're gonna start a new video series
9:59:59.000,9:59:59.000 about all the different ways to expose or access our homelab
9:59:59.000,9:59:59.000 from the internet
9:59:59.000,9:59:59.000 The reason is mainly because there's tons of options out there.
9:59:59.000,9:59:59.000 and I feel like it's not talked enough about on YouTube
9:59:59.000,9:59:59.000 Especially the security part
9:59:59.000,9:59:59.000 which is most important
9:59:59.000,9:59:59.000 almost everyone just assumes it's secure which isn't always the case
9:59:59.000,9:59:59.000 so make sure to hit the like button
9:59:59.000,9:59:59.000 subscribe
9:59:59.000,9:59:59.000 and let's get started
9:59:59.000,9:59:59.000 okay so how to do it
9:59:59.000,9:59:59.000 to expose our homelab there are five main ways
9:59:59.000,9:59:59.000 1. Secure Tunnels like Cloudflare
9:59:59.000,9:59:59.000 2. Reverse proxies like Nginx
9:59:59.000,9:59:59.000 3. Traditional VPNs like WireGuard or OpenVPN
9:59:59.000,9:59:59.000 4. Mesh VPNs like ZeroTrust and Tailscale
9:59:59.000,9:59:59.000 and lastly the old classic port forwarding or NAT
9:59:59.000,9:59:59.000 So let's break down each one of them quickly to understand the differences
9:59:59.000,9:59:59.000 first secure tunnels like Cloudflare
9:59:59.000,9:59:59.000 This is often defined as secure tunnels to access your app without exposing your IP address
9:59:59.000,9:59:59.000 making remote access easy
9:59:59.000,9:59:59.000 it's also fairly easy to set up
9:59:59.000,9:59:59.000 however, by default it's not secured enough
9:59:59.000,9:59:59.000 and solely relying on your app security
9:59:59.000,9:59:59.000 but this can be improved
9:59:59.000,9:59:59.000 we'll cover this later in another video
9:59:59.000,9:59:59.000 next reverse proxies
9:59:59.000,9:59:59.000 like nginx
9:59:59.000,9:59:59.000 it's a server that sits in the middle and forwards requests to your homelab
9:59:59.000,9:59:59.000 helping you manage multiple services under one domain
9:59:59.000,9:59:59.000 while adding another layer of protection
9:59:59.000,9:59:59.000 you will have more control over your services
9:59:59.000,9:59:59.000 and how to manage them
9:59:59.000,9:59:59.000 however, it exposes your IP and you must open a port on your router to access it
9:59:59.000,9:59:59.000 next, traditional VPNs like WireGuard or OpenVPN
9:59:59.000,9:59:59.000 it created an encrypted tunnel between your device and
9:59:59.000,9:59:59.000 your home lab
9:59:59.000,9:59:59.000 making it feel like you are on the same local network
9:59:59.000,9:59:59.000 it's good for privacy and security
9:59:59.000,9:59:59.000 but only useful when you are the only user because
9:59:59.000,9:59:59.000 it's impossible to share access without sharing your private key
9:59:59.000,9:59:59.000 to other users
9:59:59.000,9:59:59.000 next, mesh VPNs
9:59:59.000,9:59:59.000 like ZeroTier or Tailscale
9:59:59.000,9:59:59.000 this is similar to normal VPNs except it connects devices between each other
9:59:59.000,9:59:59.000 instead of connecting them to a central server
9:59:59.000,9:59:59.000 it has more control over normal VPNs in the way that you can choose which devices to share
9:59:59.000,9:59:59.000 but you must manually join the network
9:59:59.000,9:59:59.000 each time for each device you want to give access to
9:59:59.000,9:59:59.000 finally NAT this is a classic way of opening specific ports on your router
9:59:59.000,9:59:59.000 to expose your homelab
9:59:59.000,9:59:59.000 its simplicity also carries high security risk if you rely on it alone.
9:59:59.000,9:59:59.000 keep in mind NAT often gets used with other
9:59:59.000,9:59:59.000 methods like previously showed
9:59:59.000,9:59:59.000 but going purely [on its own] port forwarding is a no-go for security setups
9:59:59.000,9:59:59.000 Now, you may be wondering,
9:59:59.000,9:59:59.000 What's the most secure setup?
9:59:59.000,9:59:59.000 to expose your home lab?
9:59:59.000,9:59:59.000 Actually, [it] depends on your apps and what you want to do?
9:59:59.000,9:59:59.000 In my opinion, it's not about which method you use
9:59:59.000,9:59:59.000 but more about how you combine between them
9:59:59.000,9:59:59.000 The best setup is to mix them and make
9:59:59.000,9:59:59.000 them work all together
9:59:59.000,9:59:59.000 to have the perfect setup.
9:59:59.000,9:59:59.000 Okay so first let's go to cloudflare.com
9:59:59.000,9:59:59.000 Go to "Sign Up"
9:59:59.000,9:59:59.000 and free at the website
9:59:59.000,9:59:59.000 And let's create a new account now
9:59:59.000,9:59:59.000 After that if you already have [a] domain [previously purchased]
9:59:59.000,9:59:59.000 enter it here
9:59:59.000,9:59:59.000 or for me I'm just going to create a new domain.
9:59:59.000,9:59:59.000 For some reason I got an error
9:59:59.000,9:59:59.000 when trying to pay
9:59:59.000,9:59:59.000 So I'm just going to import an existing domain
9:59:59.000,9:59:59.000 Just going to type it here
9:59:59.000,9:59:59.000 Okay, so then go down
9:59:59.000,9:59:59.000 and choose the free package
9:59:59.000,9:59:59.000 Next click on continue to activation
9:59:59.000,9:59:59.000 confirm
9:59:59.000,9:59:59.000 Next we need to do some modifications
9:59:59.000,9:59:59.000 We need to modify the current name servers
9:59:59.000,9:59:59.000 with Cloudflare nameservers
9:59:59.000,9:59:59.000 To allow Cloudflare to control the domain
9:59:59.000,9:59:59.000 to do that
9:59:59.000,9:59:59.000 We go to the domain provider
9:59:59.000,9:59:59.000 in my case it's Namecheap
9:59:59.000,9:59:59.000 So in my case
9:59:59.000,9:59:59.000 I'm gonna do custom DNS
9:59:59.000,9:59:59.000 and then I copy....
9:59:59.000,9:59:59.000 the nameservers
9:59:59.000,9:59:59.000 and then I save
9:59:59.000,9:59:59.000 It tells you that it can take up to 48 hours
9:59:59.000,9:59:59.000 But it's not true it [can take] just a few seconds
9:59:59.000,9:59:59.000 or a few minutes max
9:59:59.000,9:59:59.000 But, just in case
9:59:59.000,9:59:59.000 If it takes a long time to update
9:59:59.000,9:59:59.000 Uh, this is normal so
9:59:59.000,9:59:59.000 just wait
9:59:59.000,9:59:59.000 There is no other choice
9:59:59.000,9:59:59.000 Okay, so after a while,
9:59:59.000,9:59:59.000 We get this page this means everything is good
9:59:59.000,9:59:59.000 Now we go to access page
9:59:59.000,9:59:59.000 and then NetZero™ Trust
9:59:59.000,9:59:59.000 We choose our account
9:59:59.000,9:59:59.000 Next you go to access
9:59:59.000,9:59:59.000 Next we choose teamname
9:59:59.000,9:59:59.000 Just anything
9:59:59.000,9:59:59.000 Then we choose the free package of course
9:59:59.000,9:59:59.000 There is zero payment
9:59:59.000,9:59:59.000 Next we go to Networks
9:59:59.000,9:59:59.000 Tunnels
9:59:59.000,9:59:59.000 And we add a tunnel
9:59:59.000,9:59:59.000 We choose this one Cloudflared
9:59:59.000,9:59:59.000 We name our Tunnel
9:59:59.000,9:59:59.000 Homelab uh test
9:59:59.000,9:59:59.000 Next it will ask you to choose your home environment
9:59:59.000,9:59:59.000 In this case you just uh
9:59:59.000,9:59:59.000 You just choose Docker
9:59:59.000,9:59:59.000 and then we just copy the comment
9:59:59.000,9:59:59.000 because we just need the token
9:59:59.000,9:59:59.000 we don't need to run anything Docker
9:59:59.000,9:59:59.000 Then we go back to TrueNAS
9:59:59.000,9:59:59.000 and we install
9:59:59.000,9:59:59.000 the cloudflared app
9:59:59.000,9:59:59.000 This one
9:59:59.000,9:59:59.000 and here we got
9:59:59.000,9:59:59.000 best what we had
9:59:59.000,9:59:59.000 and we just keep
9:59:59.000,9:59:59.000 remove everything we just keep the token
9:59:59.000,9:59:59.000 So anything before this goes
9:59:59.000,9:59:59.000 That's it
9:59:59.000,9:59:59.000 We don't need to set up anything else
9:59:59.000,9:59:59.000 even storage, it's not necessary
9:59:59.000,9:59:59.000 and we install
9:59:59.000,9:59:59.000 okay now it's up and running
9:59:59.000,9:59:59.000 let's go back to cloudflared profile
9:59:59.000,9:59:59.000 now we need to wait until we get uh
9:59:59.000,9:59:59.000 Something here in connectors
9:59:59.000,9:59:59.000 It will automatically serve
9:59:59.000,9:59:59.000 Alright here we go
9:59:59.000,9:59:59.000 It's connected
9:59:59.000,9:59:59.000 So now we can continue
9:59:59.000,9:59:59.000 next
9:59:59.000,9:59:59.000 Now we're ready to add our first service
9:59:59.000,9:59:59.000 Let's start by adding TrueNAS itself
9:59:59.000,9:59:59.000 So let's just copy the IP
9:59:59.000,9:59:59.000 Then we choose the subdomain
9:59:59.000,9:59:59.000 TrueNAS
9:59:59.000,9:59:59.000 and choose the domain
9:59:59.000,9:59:59.000 then we choose HTTP
9:59:59.000,9:59:59.000 and then the IP
9:59:59.000,9:59:59.000 There is nothing specific to add there
9:59:59.000,9:59:59.000 That's save
9:59:59.000,9:59:59.000 To test this I'm going to disconnect from the VPN
9:59:59.000,9:59:59.000 Because I'm not at home I'm connected to my home VPN
9:59:59.000,9:59:59.000 So I'm just going to deactivate it
9:59:59.000,9:59:59.000 and try this
9:59:59.000,9:59:59.000 To show that likely if I try to go to the same IP
9:59:59.000,9:59:59.000 it's
9:59:59.000,9:59:59.000 not going to work
9:59:59.000,9:59:59.000 because I disconnected from the VPN
9:59:59.000,9:59:59.000 and if I try
9:59:59.000,9:59:59.000 a domain
9:59:59.000,9:59:59.000 from the new domain
9:59:59.000,9:59:59.000 it works
9:59:59.000,9:59:59.000 so now
9:59:59.000,9:59:59.000 TrueNAS is accessible
9:59:59.000,9:59:59.000 from the outside
9:59:59.000,9:59:59.000 But this is not recommended of course
9:59:59.000,9:59:59.000 If you want to expose something
9:59:59.000,9:59:59.000 just expose the apps individually
9:59:59.000,9:59:59.000 don't expose the whole thing
9:59:59.000,9:59:59.000 so
9:59:59.000,9:59:59.000 So now I'm just going to delete it
9:59:59.000,9:59:59.000 and then I'm gonna add something else
9:59:59.000,9:59:59.000 Okay now I want to add another service
9:59:59.000,9:59:59.000 Maybe, Proxmox