WEBVTT

99:59:59.999 --> 99:59:59.999
Hi everyone, welcome back

99:59:59.999 --> 99:59:59.999
So today we're going to try something a little bit different

99:59:59.999 --> 99:59:59.999
We're gonna start a new video series

99:59:59.999 --> 99:59:59.999
about all the different ways to expose or access our homelab

99:59:59.999 --> 99:59:59.999
from the internet

99:59:59.999 --> 99:59:59.999
The reason is mainly because there's tons of options out there.

99:59:59.999 --> 99:59:59.999
and I feel like it's not talked about enough on YouTube

99:59:59.999 --> 99:59:59.999
Especially the security part

99:59:59.999 --> 99:59:59.999
which is most important

99:59:59.999 --> 99:59:59.999
almost everyone just assumes it's secure which isn't always the case

99:59:59.999 --> 99:59:59.999
so make sure to hit the like button

99:59:59.999 --> 99:59:59.999
subscribe

99:59:59.999 --> 99:59:59.999
and let's get started

99:59:59.999 --> 99:59:59.999
okay so how to do it

99:59:59.999 --> 99:59:59.999
to expose our homelab there are five main ways

99:59:59.999 --> 99:59:59.999
1. Secure Tunnels like Cloudflare

99:59:59.999 --> 99:59:59.999
2. Reverse proxies like Nginx

99:59:59.999 --> 99:59:59.999
3. Traditional VPNs like WireGuard or OpenVPN

99:59:59.999 --> 99:59:59.999
4. Mesh VPNs like ZeroTrust and Tailscale

99:59:59.999 --> 99:59:59.999
and lastly the old classic port forwarding or NAT

99:59:59.999 --> 99:59:59.999
So let's break down each one of them quickly to understand the differences

99:59:59.999 --> 99:59:59.999
first secure tunnels like Cloudflare

99:59:59.999 --> 99:59:59.999
This is often defined as secure tunnels to access your app without exposing your IP address

99:59:59.999 --> 99:59:59.999
making remote access easy

99:59:59.999 --> 99:59:59.999
it's also fairly easy to set up

99:59:59.999 --> 99:59:59.999
however, by default it's not secured enough

99:59:59.999 --> 99:59:59.999
and solely relying on your app security

99:59:59.999 --> 99:59:59.999
but this can be improved

99:59:59.999 --> 99:59:59.999
we'll cover this later in another video

99:59:59.999 --> 99:59:59.999
next reverse proxies

99:59:59.999 --> 99:59:59.999
like nginx

99:59:59.999 --> 99:59:59.999
it's a server that sits in the middle and forwards requests to your homelab

99:59:59.999 --> 99:59:59.999
helping you manage multiple services under one domain

99:59:59.999 --> 99:59:59.999
while adding another layer of protection

99:59:59.999 --> 99:59:59.999
you will have more control over your services

99:59:59.999 --> 99:59:59.999
and how to manage them

99:59:59.999 --> 99:59:59.999
however, it exposes your IP and you must open a port on your router to access it

99:59:59.999 --> 99:59:59.999
next, traditional VPNs like WireGuard or OpenVPN

99:59:59.999 --> 99:59:59.999
it creates an encrypted tunnel between your device and

99:59:59.999 --> 99:59:59.999
your home lab

99:59:59.999 --> 99:59:59.999
making it feel like you are on the same local network

99:59:59.999 --> 99:59:59.999
it's good for privacy and security

99:59:59.999 --> 99:59:59.999
but only useful when you are the only user because

99:59:59.999 --> 99:59:59.999
it's impossible to share access without sharing your private key

99:59:59.999 --> 99:59:59.999
to other users

99:59:59.999 --> 99:59:59.999
next, mesh VPNs

99:59:59.999 --> 99:59:59.999
like ZeroTier or Tailscale

99:59:59.999 --> 99:59:59.999
this is similar to normal VPNs except it connects devices between each other

99:59:59.999 --> 99:59:59.999
instead of connecting them to a central server

99:59:59.999 --> 99:59:59.999
it has more control over normal VPNs in the way that you can choose which devices to share

99:59:59.999 --> 99:59:59.999
but you must manually join the network

99:59:59.999 --> 99:59:59.999
each time for each device you want to give access to

99:59:59.999 --> 99:59:59.999
finally NAT this is a classic way of opening specific ports on your router

99:59:59.999 --> 99:59:59.999
to expose your homelab

99:59:59.999 --> 99:59:59.999
its simplicity also carries high security risk if you rely on it alone.

99:59:59.999 --> 99:59:59.999
keep in mind NAT often gets used with other

99:59:59.999 --> 99:59:59.999
methods like previously shown

99:59:59.999 --> 99:59:59.999
but going purely [on its own] port forwarding is a no-go for security setups

99:59:59.999 --> 99:59:59.999
Now, you may be wondering,

99:59:59.999 --> 99:59:59.999
What's the most secure setup?

NOTE Paragraph

99:59:59.999 --> 99:59:59.999
to expose your home lab?

99:59:59.999 --> 99:59:59.999
Actually, [it] depends on your apps and what you want to do.

99:59:59.999 --> 99:59:59.999
In my opinion, it's not about which method you use

99:59:59.999 --> 99:59:59.999
but more about how you combine between them

99:59:59.999 --> 99:59:59.999
The best setup is to mix them and make

99:59:59.999 --> 99:59:59.999
them work all together

99:59:59.999 --> 99:59:59.999
to have the perfect setup.

99:59:59.999 --> 99:59:59.999
Okay so first let's go to cloudflare.com

99:59:59.999 --> 99:59:59.999
Go to "Sign Up"

99:59:59.999 --> 99:59:59.999
and free at the website

99:59:59.999 --> 99:59:59.999
And let's create a new account now

99:59:59.999 --> 99:59:59.999
After that if you already have [a] domain [previously purchased]

99:59:59.999 --> 99:59:59.999
enter it here

99:59:59.999 --> 99:59:59.999
or for me I'm just going to create a new domain.

99:59:59.999 --> 99:59:59.999
For some reason I got an error

99:59:59.999 --> 99:59:59.999
when trying to pay

99:59:59.999 --> 99:59:59.999
So I'm just going to import an existing domain

99:59:59.999 --> 99:59:59.999
Just going to type it here

99:59:59.999 --> 99:59:59.999
Okay, so then go down

99:59:59.999 --> 99:59:59.999
and choose the free package

99:59:59.999 --> 99:59:59.999
Next click on continue to activation

99:59:59.999 --> 99:59:59.999
confirm

99:59:59.999 --> 99:59:59.999
Next we need to do some modifications

99:59:59.999 --> 99:59:59.999
We need to modify the current name servers

99:59:59.999 --> 99:59:59.999
with Cloudflare nameservers

99:59:59.999 --> 99:59:59.999
To allow Cloudflare to control the domain

99:59:59.999 --> 99:59:59.999
to do that

99:59:59.999 --> 99:59:59.999
We go to the domain provider

99:59:59.999 --> 99:59:59.999
in my case it's Namecheap

99:59:59.999 --> 99:59:59.999
So in my case

99:59:59.999 --> 99:59:59.999
I'm gonna do custom DNS

99:59:59.999 --> 99:59:59.999
and then I copy....

99:59:59.999 --> 99:59:59.999
the nameservers

99:59:59.999 --> 99:59:59.999
and then I save

99:59:59.999 --> 99:59:59.999
It tells you that it can take up to 48 hours

99:59:59.999 --> 99:59:59.999
But it's not true it [can take] just a few seconds

99:59:59.999 --> 99:59:59.999
or a few minutes max

99:59:59.999 --> 99:59:59.999
But, just in case

99:59:59.999 --> 99:59:59.999
If it takes a long time to update

99:59:59.999 --> 99:59:59.999
Uh, this is normal so

99:59:59.999 --> 99:59:59.999
just wait

99:59:59.999 --> 99:59:59.999
There is no other choice

99:59:59.999 --> 99:59:59.999
Okay, so after a while,

99:59:59.999 --> 99:59:59.999
We get this page this means everything is good

99:59:59.999 --> 99:59:59.999
Now we go to access page

99:59:59.999 --> 99:59:59.999
and then NetZero™ Trust

99:59:59.999 --> 99:59:59.999
We choose our account

99:59:59.999 --> 99:59:59.999
Next you go to access

99:59:59.999 --> 99:59:59.999
Next we choose team name

99:59:59.999 --> 99:59:59.999
Just anything

99:59:59.999 --> 99:59:59.999
Then we choose the free package of course

99:59:59.999 --> 99:59:59.999
There is zero payment

99:59:59.999 --> 99:59:59.999
Next we go to Networks

99:59:59.999 --> 99:59:59.999
Tunnels

99:59:59.999 --> 99:59:59.999
And we add a tunnel

99:59:59.999 --> 99:59:59.999
We choose this one Cloudflared

99:59:59.999 --> 99:59:59.999
We name our Tunnel

99:59:59.999 --> 99:59:59.999
Homelab uh test

99:59:59.999 --> 99:59:59.999
Next it will ask you to choose your home environment

99:59:59.999 --> 99:59:59.999
In this case you just uh

99:59:59.999 --> 99:59:59.999
You just choose Docker

99:59:59.999 --> 99:59:59.999
and then we just copy the command

99:59:59.999 --> 99:59:59.999
because we just need the token

99:59:59.999 --> 99:59:59.999
we don't need to run anything Docker

99:59:59.999 --> 99:59:59.999
Then we go back to TrueNAS

99:59:59.999 --> 99:59:59.999
and we install

99:59:59.999 --> 99:59:59.999
the cloudflared app

99:59:59.999 --> 99:59:59.999
This one

99:59:59.999 --> 99:59:59.999
and here we got

99:59:59.999 --> 99:59:59.999
best what we had

99:59:59.999 --> 99:59:59.999
and we just keep

99:59:59.999 --> 99:59:59.999
remove everything we just keep the token

99:59:59.999 --> 99:59:59.999
So anything before this goes

99:59:59.999 --> 99:59:59.999
That's it

99:59:59.999 --> 99:59:59.999
We don't need to set up anything else

99:59:59.999 --> 99:59:59.999
even storage, it's not necessary

99:59:59.999 --> 99:59:59.999
and we install

99:59:59.999 --> 99:59:59.999
okay now it's up and running

99:59:59.999 --> 99:59:59.999
let's go back to cloudflared profile

99:59:59.999 --> 99:59:59.999
now we need to wait until we get uh

99:59:59.999 --> 99:59:59.999
Something here in connectors

99:59:59.999 --> 99:59:59.999
It will automatically serve

99:59:59.999 --> 99:59:59.999
Alright here we go

99:59:59.999 --> 99:59:59.999
It's connected

99:59:59.999 --> 99:59:59.999
So now we can continue

99:59:59.999 --> 99:59:59.999
next

99:59:59.999 --> 99:59:59.999
Now we're ready to add our first service

99:59:59.999 --> 99:59:59.999
Let's start by adding TrueNAS itself

99:59:59.999 --> 99:59:59.999
So let's just copy the IP

99:59:59.999 --> 99:59:59.999
Then we choose the subdomain

99:59:59.999 --> 99:59:59.999
TrueNAS

99:59:59.999 --> 99:59:59.999
and choose the domain

99:59:59.999 --> 99:59:59.999
then we choose HTTP

99:59:59.999 --> 99:59:59.999
and then the IP

99:59:59.999 --> 99:59:59.999
There is nothing specific to add there

99:59:59.999 --> 99:59:59.999
That's save

99:59:59.999 --> 99:59:59.999
To test this I'm going to disconnect from the VPN

99:59:59.999 --> 99:59:59.999
Because I'm not at home I'm connected to my home VPN

99:59:59.999 --> 99:59:59.999
So I'm just going to deactivate it

99:59:59.999 --> 99:59:59.999
and try this

99:59:59.999 --> 99:59:59.999
To show that likely if I try to go to the same IP

99:59:59.999 --> 99:59:59.999
it's

99:59:59.999 --> 99:59:59.999
not going to work

99:59:59.999 --> 99:59:59.999
because I disconnected from the VPN

99:59:59.999 --> 99:59:59.999
and if I try

99:59:59.999 --> 99:59:59.999
a domain

99:59:59.999 --> 99:59:59.999
from the new domain

99:59:59.999 --> 99:59:59.999
it works

99:59:59.999 --> 99:59:59.999
so now

99:59:59.999 --> 99:59:59.999
TrueNAS is accessible

99:59:59.999 --> 99:59:59.999
from the outside

99:59:59.999 --> 99:59:59.999
But this is not recommended of course

99:59:59.999 --> 99:59:59.999
If you want to expose something

99:59:59.999 --> 99:59:59.999
just expose the apps individually

99:59:59.999 --> 99:59:59.999
don't expose the whole thing

99:59:59.999 --> 99:59:59.999
so

99:59:59.999 --> 99:59:59.999
So now I'm just going to delete it

99:59:59.999 --> 99:59:59.999
and then I'm gonna add something else

99:59:59.999 --> 99:59:59.999
Okay now I want to add another service

99:59:59.999 --> 99:59:59.999
Maybe, Proxmox