1
99:59:59,999 --> 99:59:59,999
Hi everyone, welcome back

2
99:59:59,999 --> 99:59:59,999
So today we're going to try something a little bit different

3
99:59:59,999 --> 99:59:59,999
We're gonna start a new video series

4
99:59:59,999 --> 99:59:59,999
about all the different ways to expose or access our homelab

5
99:59:59,999 --> 99:59:59,999
from the internet

6
99:59:59,999 --> 99:59:59,999
The reason is mainly because there's tons of options out there.

7
99:59:59,999 --> 99:59:59,999
and I feel like it's not talked enough about on YouTube

8
99:59:59,999 --> 99:59:59,999
Especially the security part

9
99:59:59,999 --> 99:59:59,999
which is most important

10
99:59:59,999 --> 99:59:59,999
almost everyone just assumes it's secure which isn't always the case

11
99:59:59,999 --> 99:59:59,999
so make sure to hit the like button

12
99:59:59,999 --> 99:59:59,999
subscribe

13
99:59:59,999 --> 99:59:59,999
and let's get started

14
99:59:59,999 --> 99:59:59,999
okay so how to do it

15
99:59:59,999 --> 99:59:59,999
to expose our homelab there are five main ways

16
99:59:59,999 --> 99:59:59,999
1. Secure Tunnels like Cloudflare

17
99:59:59,999 --> 99:59:59,999
2. Reverse proxies like Nginx

18
99:59:59,999 --> 99:59:59,999
3. Traditional VPNs like WireGuard or OpenVPN

19
99:59:59,999 --> 99:59:59,999
4.
Mesh VPNs like ZeroTier and Tailscale

20
99:59:59,999 --> 99:59:59,999
and lastly the old classic port forwarding or NAT

21
99:59:59,999 --> 99:59:59,999
So let's break down each one of them quickly to understand the differences

22
99:59:59,999 --> 99:59:59,999
first secure tunnels like Cloudflare

23
99:59:59,999 --> 99:59:59,999
This is often defined as secure tunnels to access your app without exposing your IP address

24
99:59:59,999 --> 99:59:59,999
making remote access easy

25
99:59:59,999 --> 99:59:59,999
it's also fairly easy to set up

26
99:59:59,999 --> 99:59:59,999
however, by default it's not secured enough

27
99:59:59,999 --> 99:59:59,999
and solely relying on your app security

28
99:59:59,999 --> 99:59:59,999
but this can be improved

29
99:59:59,999 --> 99:59:59,999
we'll cover this later in another video

30
99:59:59,999 --> 99:59:59,999
next reverse proxies

31
99:59:59,999 --> 99:59:59,999
like nginx

32
99:59:59,999 --> 99:59:59,999
it's a server that sits in the middle and forwards requests to your homelab

33
99:59:59,999 --> 99:59:59,999
helping you manage multiple services under one domain

34
99:59:59,999 --> 99:59:59,999
while adding another layer of protection

35
99:59:59,999 --> 99:59:59,999
you will have more control over your services

36
99:59:59,999 --> 99:59:59,999
and how to manage them

37
99:59:59,999 --> 99:59:59,999
however, it exposes your IP and you must open a port on your router to access it

38
99:59:59,999 --> 99:59:59,999
next, traditional VPNs like WireGuard or OpenVPN

39
99:59:59,999 --> 99:59:59,999
it creates an encrypted tunnel between your device and

40
99:59:59,999 --> 99:59:59,999
your home lab

41
99:59:59,999 --> 99:59:59,999
making it feel like you are on the same local network

42
99:59:59,999 --> 99:59:59,999
it's good for privacy and security

43
99:59:59,999 --> 99:59:59,999
but only useful when you are the only user because

44
99:59:59,999 --> 99:59:59,999
it's impossible to share access without sharing your private key

45
99:59:59,999 --> 99:59:59,999
to other users

46
99:59:59,999 --> 99:59:59,999
next, mesh VPNs

47
99:59:59,999 --> 99:59:59,999
like ZeroTier or Tailscale

48
99:59:59,999 --> 99:59:59,999
this is similar to normal VPNs except it connects devices between each other

49
99:59:59,999 --> 99:59:59,999
instead of connecting them to a central server

50
99:59:59,999 --> 99:59:59,999
it has more control over normal VPNs in the way that you can choose which devices to share

51
99:59:59,999 --> 99:59:59,999
but you must manually join the network

52
99:59:59,999 --> 99:59:59,999
each time for each device you want to give access to

53
99:59:59,999 --> 99:59:59,999
finally NAT this is a classic way of opening specific ports on your router

54
99:59:59,999 --> 99:59:59,999
to expose your homelab

55
99:59:59,999 --> 99:59:59,999
its simplicity also carries high security risk if you rely on it alone.

56
99:59:59,999 --> 99:59:59,999
keep in mind NAT often gets used with other

57
99:59:59,999 --> 99:59:59,999
methods like previously shown

58
99:59:59,999 --> 99:59:59,999
but going purely [on its own] port forwarding is a no-go for security setups

59
99:59:59,999 --> 99:59:59,999
Now, you may be wondering,

60
99:59:59,999 --> 99:59:59,999
What's the most secure setup?

61
99:59:59,999 --> 99:59:59,999
to expose your home lab?

62
99:59:59,999 --> 99:59:59,999
Actually, [it] depends on your apps and what you want to do.

63
99:59:59,999 --> 99:59:59,999
In my opinion, it's not about which method you use

64
99:59:59,999 --> 99:59:59,999
but more about how you combine between them

65
99:59:59,999 --> 99:59:59,999
The best setup is to mix them and make

66
99:59:59,999 --> 99:59:59,999
them work all together

67
99:59:59,999 --> 99:59:59,999
to have the perfect setup.

68
99:59:59,999 --> 99:59:59,999
Okay so first let's go to cloudflare.com

69
99:59:59,999 --> 99:59:59,999
Go to "Sign Up"

70
99:59:59,999 --> 99:59:59,999
and free at the website

71
99:59:59,999 --> 99:59:59,999
And let's create a new account now

72
99:59:59,999 --> 99:59:59,999
After that if you already have [a] domain [previously purchased]

73
99:59:59,999 --> 99:59:59,999
enter it here

74
99:59:59,999 --> 99:59:59,999
or for me I'm just going to create a new domain.

75
99:59:59,999 --> 99:59:59,999
For some reason I got an error

76
99:59:59,999 --> 99:59:59,999
when trying to pay

77
99:59:59,999 --> 99:59:59,999
So I'm just going to import an existing domain

78
99:59:59,999 --> 99:59:59,999
Just going to type it here

79
99:59:59,999 --> 99:59:59,999
Okay, so then go down

80
99:59:59,999 --> 99:59:59,999
and choose the free package

81
99:59:59,999 --> 99:59:59,999
Next click on continue to activation

82
99:59:59,999 --> 99:59:59,999
confirm

83
99:59:59,999 --> 99:59:59,999
Next we need to do some modifications

84
99:59:59,999 --> 99:59:59,999
We need to modify the current name servers

85
99:59:59,999 --> 99:59:59,999
with Cloudflare nameservers

86
99:59:59,999 --> 99:59:59,999
To allow Cloudflare to control the domain

87
99:59:59,999 --> 99:59:59,999
to do that

88
99:59:59,999 --> 99:59:59,999
We go to the domain provider

89
99:59:59,999 --> 99:59:59,999
in my case it's Namecheap

90
99:59:59,999 --> 99:59:59,999
So in my case

91
99:59:59,999 --> 99:59:59,999
I'm gonna do custom DNS

92
99:59:59,999 --> 99:59:59,999
and then I copy....

93
99:59:59,999 --> 99:59:59,999
the nameservers

94
99:59:59,999 --> 99:59:59,999
and then I save

95
99:59:59,999 --> 99:59:59,999
It tells you that it can take up to 48 hours

96
99:59:59,999 --> 99:59:59,999
But it's not true it [can take] just a few seconds

97
99:59:59,999 --> 99:59:59,999
or a few minutes max

98
99:59:59,999 --> 99:59:59,999
But, just in case

99
99:59:59,999 --> 99:59:59,999
If it takes a long time to update

100
99:59:59,999 --> 99:59:59,999
Uh, this is normal so

101
99:59:59,999 --> 99:59:59,999
just wait

102
99:59:59,999 --> 99:59:59,999
There is no other choice

103
99:59:59,999 --> 99:59:59,999
Okay, so after a while,

104
99:59:59,999 --> 99:59:59,999
We get this page this means everything is good

105
99:59:59,999 --> 99:59:59,999
Now we go to access page

106
99:59:59,999 --> 99:59:59,999
and then Zero Trust

107
99:59:59,999 --> 99:59:59,999
We choose our account

108
99:59:59,999 --> 99:59:59,999
Next you go to access

109
99:59:59,999 --> 99:59:59,999
Next we choose team name

110
99:59:59,999 --> 99:59:59,999
Just anything

111
99:59:59,999 --> 99:59:59,999
Then we choose the free package of course

112
99:59:59,999 --> 99:59:59,999
There is zero payment

113
99:59:59,999 --> 99:59:59,999
Next we go to Networks

114
99:59:59,999 --> 99:59:59,999
Tunnels

115
99:59:59,999 --> 99:59:59,999
And we add a tunnel

116
99:59:59,999 --> 99:59:59,999
We choose this one Cloudflared

117
99:59:59,999 --> 99:59:59,999
We name our Tunnel

118
99:59:59,999 --> 99:59:59,999
Homelab uh test

119
99:59:59,999 --> 99:59:59,999
Next it will ask you to choose your home environment

120
99:59:59,999 --> 99:59:59,999
In this case you just uh

121
99:59:59,999 --> 99:59:59,999
You just choose Docker

122
99:59:59,999 --> 99:59:59,999
and then we just copy the command

123
99:59:59,999 --> 99:59:59,999
because we just need the token

124
99:59:59,999 --> 99:59:59,999
we don't need to run anything Docker

125
99:59:59,999 --> 99:59:59,999
Then we go back to TrueNAS

126
99:59:59,999 --> 99:59:59,999
and we install

127
99:59:59,999 --> 99:59:59,999
the cloudflared app

128
99:59:59,999 --> 99:59:59,999
This one

129
99:59:59,999 --> 99:59:59,999
and here we got

130
99:59:59,999 --> 99:59:59,999
paste what we had

131
99:59:59,999 --> 99:59:59,999
and we just keep

132
99:59:59,999 --> 99:59:59,999
remove everything we just keep the token

133
99:59:59,999 --> 99:59:59,999
So anything before this goes

134
99:59:59,999 --> 99:59:59,999
That's it

135
99:59:59,999 --> 99:59:59,999
We don't need to set up anything else

136
99:59:59,999 --> 99:59:59,999
even storage, it's not necessary

137
99:59:59,999 --> 99:59:59,999
and we install

138
99:59:59,999 --> 99:59:59,999
okay now it's up and running

139
99:59:59,999 --> 99:59:59,999
let's go back to cloudflared profile

140
99:59:59,999 --> 99:59:59,999
now we need to wait until we get uh

141
99:59:59,999 --> 99:59:59,999
Something here in connectors

142
99:59:59,999 --> 99:59:59,999
It will automatically serve

143
99:59:59,999 --> 99:59:59,999
Alright here we go

144
99:59:59,999 --> 99:59:59,999
It's connected

145
99:59:59,999 --> 99:59:59,999
So now we can continue

146
99:59:59,999 --> 99:59:59,999
next

147
99:59:59,999 --> 99:59:59,999
Now we're ready to add our first service

148
99:59:59,999 --> 99:59:59,999
Let's start by adding TrueNAS itself

149
99:59:59,999 --> 99:59:59,999
So let's just copy the IP

150
99:59:59,999 --> 99:59:59,999
Then we choose the subdomain

151
99:59:59,999 --> 99:59:59,999
TrueNAS

152
99:59:59,999 --> 99:59:59,999
and choose the domain

153
99:59:59,999 --> 99:59:59,999
then we choose HTTP

154
99:59:59,999 --> 99:59:59,999
and then the IP

155
99:59:59,999 --> 99:59:59,999
There is nothing specific to add there

156
99:59:59,999 --> 99:59:59,999
That's save

157
99:59:59,999 --> 99:59:59,999
To test this I'm going to disconnect from the VPN

158
99:59:59,999 --> 99:59:59,999
Because I'm not at home I'm connected to my home VPN

159
99:59:59,999 --> 99:59:59,999
So I'm just
going to deactivate it

160
99:59:59,999 --> 99:59:59,999
and try this

161
99:59:59,999 --> 99:59:59,999
To show that likely if I try to go to the same IP

162
99:59:59,999 --> 99:59:59,999
it's

163
99:59:59,999 --> 99:59:59,999
not going to work

164
99:59:59,999 --> 99:59:59,999
because I disconnected from the VPN

165
99:59:59,999 --> 99:59:59,999
and if I try

166
99:59:59,999 --> 99:59:59,999
a domain

167
99:59:59,999 --> 99:59:59,999
from the new domain

168
99:59:59,999 --> 99:59:59,999
it works

169
99:59:59,999 --> 99:59:59,999
so now

170
99:59:59,999 --> 99:59:59,999
TrueNAS is accessible

171
99:59:59,999 --> 99:59:59,999
from the outside

172
99:59:59,999 --> 99:59:59,999
But this is not recommended of course

173
99:59:59,999 --> 99:59:59,999
If you want to expose something

174
99:59:59,999 --> 99:59:59,999
just expose the apps individually

175
99:59:59,999 --> 99:59:59,999
don't expose the whole thing

176
99:59:59,999 --> 99:59:59,999
so

177
99:59:59,999 --> 99:59:59,999
So now I'm just going to delete it

178
99:59:59,999 --> 99:59:59,999
and then I'm gonna add something else

179
99:59:59,999 --> 99:59:59,999
Okay now I want to add another service

180
99:59:59,999 --> 99:59:59,999
Maybe, Proxmox