hide💡July 26 marks the anniversary of the Americans with Disabilities Act.
Accessibility and Inclusion is at the heart of what we do, learn with Amara.org about the role of captions in ADA compliance!

< Return to Video

EXPOSE your Homelab to the INTERNET?! (Be Careful)

  • 0:01 - 0:02
    Hi everyone, welcome back
  • 0:02 - 0:05
    So today we're going to try
    something a little bit different.
  • 0:05 - 0:08
    We're gonna start a new video series
  • 0:09 - 0:13
    about all the different ways to
    expose or access our homelab
  • 0:13 - 0:14
    from the internet.
  • 0:15 - 0:18
    The reason is mainly because
    there's tons of options out there,
  • 0:18 - 0:21
    and I feel like it's not talked enough
    about on YouTube.
  • 0:21 - 0:25
    Especially the security part
    which is most important.
  • 0:25 - 0:29
    Almost everyone just assumes it's secure,
    which isn't always the case,
  • 0:29 - 0:32
    so make sure to hit the Like button
    Subscribe and Share
  • 0:32 - 0:33
    and let's get started.
  • 0:34 - 0:35
    Okay so how to do it,
  • 0:36 - 0:39
    to expose our homelab
    there are five main ways
  • 0:39 - 0:42
    1. Secure Tunnels like Cloudflare
  • 0:42 - 0:44
    2. Reverse proxies like Nginx
  • 0:44 - 0:48
    3. Traditional VPNs like Wireguard
    or OpenVPN protocols
  • 0:48 - 0:51
    4. Mesh VPNs like ZeroTier and Tailscale
  • 0:52 - 0:55
    and lastly 5. the old classic
    port forwarding or NAT
  • 0:55 - 0:59
    So let's break down each one of them
    quickly to understand the differences.
  • 0:59 - 1:02
    First secure tunnels like Cloudflare.
  • 1:02 - 1:07
    This is often defined as secure tunnels to
    access your app without exposing your IP
  • 1:07 - 1:09
    making remote access easy.
  • 1:09 - 1:11
    It's also fairly easy to setup,
  • 1:11 - 1:14
    however, by default it's
    not secured enough
  • 1:14 - 1:17
    and solely [relies] on your app security
  • 1:17 - 1:19
    but this can be improved.
  • 1:19 - 1:22
    We'll cover this later in another video.
  • 1:22 - 1:24
    Next, reverse proxies
    like nginx.
  • 1:24 - 1:28
    It's a server that sits in the middle
    and forward requests to your homelab
  • 1:28 - 1:32
    helping you manage multiple
    services under one domain.
  • 1:32 - 1:34
    While adding another layer of protection,
  • 1:34 - 1:39
    you will have more control over
    your services and how to
  • 1:39 - 1:41
    contr-
    manage them.
  • 1:41 - 1:46
    However, it exposes your IP and you must
    open a port on your router to access it.
  • 1:47 - 1:51
    Next, traditional VPNs like Wireguard
    or OpenVPN.
  • 1:51 - 1:55
    It creates an encrypted tunnel between
    your device and your homelab
  • 1:55 - 1:58
    making it feel like you are on
    the same local network.
  • 1:58 - 2:01
    It's good for privacy and security
  • 2:01 - 2:03
    but only useful when you are
    the only user because
  • 2:03 - 2:07
    it's impossible to share access
    without sharing your private key
  • 2:07 - 2:10
    to other users.
  • 2:10 - 2:14
    Next, mesh VPNs
    like ZeroTier or Tailscale.
  • 2:14 - 2:19
    This is similar to normal VPNs except it
    connects devices between each other
  • 2:19 - 2:22
    instead of connecting them
    to a central server.
  • 2:22 - 2:25
    It has more control over normal VPNs in
    the way that you can choose which
  • 2:25 - 2:29
    devices to share
    but you must manually join the network
  • 2:29 - 2:32
    each time for each devices
    you want to give access to.
  • 2:32 - 2:36
    Finally NAT this is a classic way of
    opening specific ports on your router
  • 2:36 - 2:38
    to expose your homelab.
  • 2:38 - 2:42
    It's simple but it also carries high
    security risk if you rely on it alone.
  • 2:42 - 2:47
    Keep in mind NAT often gets used with
    other methods like previously showed,
  • 2:47 - 2:51
    but going purely [on it's own] port
    forwarding is a no-go for secure setups.
  • 2:51 - 2:53
    Now, you may be wondering,
  • 2:53 - 2:56
    what's the most secure setup
    to expose your home lab?
  • 2:56 - 3:00
    Actually, [it] depends on your apps
    and what you want to do?
  • 3:00 - 3:03
    In my opinion, it's not about
    which method you use
  • 3:03 - 3:06
    but more about how you combine
    between them.
  • 3:06 - 3:10
    The best setup is to mix them
    and make them work all together
  • 3:10 - 3:12
    to have the perfect setup.
  • 3:14 - 3:17
    Okay so first let's go to cloudflare.com
  • 3:17 - 3:18
    Go to "Sign Up"
  • 3:19 - 3:22
    and free at the website.
  • 3:23 - 3:26
    And let's create a new account now.
  • 3:29 - 3:32
    After that if you already have [a]
    domain [previously purchased]
  • 3:32 - 3:36
    enter it here or for me I'm just
    going to create a new domain.
  • 3:40 - 3:42
    For some reason I got an error
    when trying to pay
  • 3:43 - 3:47
    So I'm just going to import an existing
    domain. Just going to type it here.
  • 3:51 - 3:54
    Okay, so then go down
  • 3:55 - 3:56
    and choose the free package.
  • 4:00 - 4:03
    Next click on continue to activation.
  • 4:03 - 4:07
    Confirm. Next we need to
    do some modifications
  • 4:07 - 4:11
    We need to modify,
    the current name servers
  • 4:11 - 4:13
    with Cloudflare nameservers
  • 4:13 - 4:16
    to allow Cloudflare to control the domain.
  • 4:17 - 4:18
    To do that,
  • 4:18 - 4:22
    we go to the domain provider
    in my case it's NameCheap.
  • 4:26 - 4:31
    So in my case I'm gonna do
    custom DNS and then I copy....
  • 4:36 - 4:38
    the nameservers
  • 4:39 - 4:40
    and then I save.
  • 4:43 - 4:46
    It tells you that it can take
    up to 48 hours
  • 4:46 - 4:50
    But it's not true it [can take] just a
    few seconds or a few minutes max
  • 4:50 - 4:52
    But, just in case
  • 4:53 - 4:55
    If it take a long time to update
  • 4:55 - 4:58
    Uh, this is normal so
    just wait
  • 4:58 - 5:00
    There is no other choice
  • 5:01 - 5:02
    Okay, so after a while,
  • 5:02 - 5:04
    We get this page this means
    everything is good
  • 5:05 - 5:07
    Now we go to access page
  • 5:08 - 5:10
    and then Launch Zero Trust.
  • 5:10 - 5:12
    We choose our account
  • 5:12 - 5:14
    Next you go to access
  • 5:15 - 5:18
    Next we choose teamname
  • 5:18 - 5:19
    Just anything
  • 5:23 - 5:26
    Then we choose the free package of course
  • 5:27 - 5:30
    There is zero payment
  • 5:33 - 5:35
    Next we go to Networks
  • 5:35 - 5:36
    Tunnels
  • 5:37 - 5:39
    And we add a tunnel
  • 5:40 - 5:41
    We choose this one Cloudflared
  • 5:42 - 5:45
    We name our Tunnel
    Homelab uh test
  • 5:47 - 5:50
    Next it will ask you to choose
    your environment
  • 5:50 - 5:53
    In this case you just uh
    You just choose docker
  • 5:53 - 5:55
    and then we just copy the comment
  • 5:55 - 6:00
    because we just need the token.
    We don't need to run anything docker
  • 6:00 - 6:02
    Then we go back to TrueNAS
  • 6:02 - 6:04
    and we install
  • 6:04 - 6:06
    the Cloudflared app.
  • 6:07 - 6:09
    This one
  • 6:11 - 6:13
    And here we['ve] got [to just]
    paste what we had
  • 6:13 - 6:15
    and we just keep.
  • 6:16 - 6:19
    Remove everything, we just keep the token.
  • 6:25 - 6:27
    So anything before this goes.
  • 6:29 - 6:30
    That's it.
  • 6:32 - 6:34
    We don't need to setup anything else.
  • 6:35 - 6:38
    Even storage, it's not necessary.
  • 6:40 - 6:41
    And we install.
  • 6:44 - 6:45
    Okay now it's up and running.
  • 6:46 - 6:48
    Let's go back to Cloudflared profile.
  • 6:49 - 6:53
    Now we need to wait until we get uh
    something here in connectors.
  • 6:53 - 6:55
    It will automatically search.
  • 6:55 - 6:56
    Alright here we go
  • 6:56 - 6:59
    It's connected.
    So now we can continue.
  • 6:59 - 7:00
    Next
  • 7:02 - 7:06
    Now we're ready to add our first service.
  • 7:07 - 7:09
    Let's start by adding TrueNAS itself.
  • 7:10 - 7:12
    So let's just copy the IP
  • 7:15 - 7:17
    Then we choose the subdomain
  • 7:17 - 7:18
    TrueNAS
  • 7:18 - 7:20
    and choose the domain
  • 7:21 - 7:23
    then we choose HTTP
  • 7:24 - 7:26
    and then the IP
  • 7:27 - 7:30
    There is nothing specific to add there.
  • 7:30 - 7:31
    That's save.
  • 7:33 - 7:36
    To test this I'm going to disconnect
    from the VPN
  • 7:36 - 7:41
    Because i'm not at home I'm
    connected to my home VPN.
  • 7:41 - 7:44
    So I'm just going to deactivate it
    and try this.
  • 7:45 - 7:51
    To show that likely if I try to go
    to the same IP
  • 7:53 - 7:56
    It's not going to work,
    because I disconnected from the VPN.
  • 7:57 - 7:58
    And if I try
  • 7:59 - 8:00
    a domain,
  • 8:00 - 8:01
    new domain.
  • 8:05 - 8:05
    It works.
  • 8:06 - 8:06
    So now
  • 8:09 - 8:11
    TrueNAS is accessible
  • 8:11 - 8:12
    from the outside.
  • 8:13 - 8:15
    But this is not recommended of course.
  • 8:15 - 8:19
    If you want to expose something
    just expose the apps individually
  • 8:19 - 8:21
    don't expose the whole thing.
  • 8:22 - 8:23
    so
  • 8:24 - 8:25
    So now I'm just going to delete it
  • 8:26 - 8:29
    and then I'm gonna add something else.
  • 8:34 - 8:36
    Okay now I want to add another service.
  • 8:36 - 8:38
    Maybe, Proxmox
  • 8:40 - 8:42
    Let's go to add the public hostname
  • 8:43 - 8:44
    Proxmox
  • 8:44 - 8:45
    same thing
  • 8:48 - 8:50
    here's we're going to choose HTTPS
    instead of HTTP
  • 8:51 - 8:53
    and then the IP
  • 8:54 - 8:58
    as well as the port which is 8...
  • 8:59 - 9:00
    8006
  • 9:04 - 9:07
    and then we go to
    Additional Settings > TLS
  • 9:08 - 9:11
    and we enable No TLS verify.
  • 9:11 - 9:12
    It will not check certificates.
  • 9:13 - 9:14
    Okay, now let's save.
  • 9:16 - 9:18
    Let's try again now.
  • 9:25 - 9:26
    NIce! Now it works.
  • 9:33 - 9:35
    And we'll disconnect the VPN
  • 9:36 - 9:36
    and refresh
  • 9:37 - 9:38
    and it still works.
  • 9:39 - 9:41
    Okay now before we're finishing the video
  • 9:42 - 9:46
    let's do one last service
    which is Paperless.
  • 9:46 - 9:50
    Since we already covered this
    in a previous video,
  • 9:50 - 9:52
    we're going to see how to expose this
  • 9:52 - 9:56
    Why did I choose Paperless because
    it's a bit tricky to setup
  • 9:57 - 9:58
    it's not as simple as
  • 9:59 - 10:00
    adding the hostname.
  • 10:01 - 10:04
    So, let's see first we just add the
    hostname of course
  • 10:07 - 10:08
    same thing as always,
  • 10:10 - 10:13
    HTTPS, and then we take the URL
  • 10:17 - 10:19
    which is IP and Port
  • 10:25 - 10:28
    It chooses HTTP not HTTPS
  • 10:29 - 10:30
    Service name
  • 10:31 - 10:34
    So first it's gonna work normally
  • 10:35 - 10:37
    If I try to access.
  • 10:40 - 10:41
    Alright
  • 10:42 - 10:45
    Uh, but the problem is when you
    try to login
  • 10:49 - 10:53
    You get this error.
    CSRF verification failed.
  • 10:53 - 10:54
    Why?
  • 10:54 - 10:58
    We need to change some settings
    to make it accessible.
  • 10:58 - 11:02
    According to the documentation,
  • 11:02 - 11:06
    we need to set this environment
    variable (PAPERLESS_URL)
  • 11:06 - 11:11
    uh and uh, set it to the domain name
  • 11:11 - 11:12
    we used in Cloudflare.
  • 11:13 - 11:14
    So let's do that
  • 11:15 - 11:18
    go to Paperless > Edit
  • 11:20 - 11:25
    and let's just add it as an
    environment variable here
  • 11:26 - 11:28
    PAPERLESS_URL
  • 11:29 - 11:32
    set it to paperless.yourdomain
  • 11:36 - 11:40
    make sure to add HTTPS to the beginning
  • 11:42 - 11:44
    and that's it.
    Update.
  • 11:48 - 11:51
    In case you got stuck in deploying
  • 11:51 - 11:53
    which was the case for me
  • 11:54 - 11:56
    I'm not sure why but the
    container Paperless
  • 11:57 - 12:00
    just stuck like this for a long time
  • 12:00 - 12:04
    So what I did is stop this instance
  • 12:04 - 12:06
    and create another instance
  • 12:06 - 12:11
    using the already created datasets.
  • 12:11 - 12:14
    So you're not going to lose anything
    of your files.
  • 12:17 - 12:19
    So let's start another instance
  • 12:21 - 12:23
    Let's call it paperless-cloudflare.
  • 12:26 - 12:29
    We can change password if you want.
  • 12:32 - 12:36
    By the way you can choose any secret
    key you want. Just want some random stuff
  • 12:36 - 12:38
    You don't need to remember it.
  • 12:43 - 12:45
    Okay, add an email
  • 12:45 - 12:47
    just a fake email.
  • 12:51 - 12:52
    Password.
  • 13:02 - 13:06
    Now we add again environment variable
  • 13:06 - 13:08
    PAPERLESS_URL
  • 13:09 - 13:10
    HTTPS
  • 13:11 - 13:12
    paperless…
  • 13:12 - 13:13
    dot
  • 13:15 - 13:16
    your domain
  • 13:21 - 13:24
    and then we add the other host path
  • 13:28 - 13:30
    Paperless this is the data.
  • 13:31 - 13:32
    let's copy this
  • 13:33 - 13:35
    And now Media
  • 13:40 - 13:42
    and then Consume
  • 13:50 - 13:52
    and Trash
  • 13:58 - 13:59
    this is PostScript
  • 14:06 - 14:09
    Make sure to check
    "Automatic Permissions".
  • 14:13 - 14:14
    Then we hit install.
  • 14:18 - 14:23
    Let's wait [a] little bit.
    It works but it takes some time.
  • 14:25 - 14:26
    Okay now it's running.
  • 14:27 - 14:28
    Let's start it.
  • 14:31 - 14:33
    First let's get the IP
  • 14:33 - 14:36
    I mean let's get the port--
    IP is the same.
  • 14:37 - 14:38
    Go back to cloudflare
  • 14:39 - 14:40
    Hit it
  • 14:41 - 14:44
    Going to put the new port
  • 14:45 - 14:46
    Save
  • 14:50 - 14:51
    Let's try now
  • 14:55 - 14:58
    Okay, now new password
  • 15:03 - 15:07
    And now it works. We don't got
    the error, the previous error.
  • 15:08 - 15:12
    And as you can see we still have the [same] documents as
  • 15:12 - 15:14
    before we didn't lost anything.
  • 15:15 - 15:17
    We still got all our documents.
  • 15:22 - 15:24
    Open them
  • 15:27 - 15:28
    And uh, everything works fine
  • 15:33 - 15:33
    That's it
  • 15:34 - 15:35
    Basically this is how to
  • 15:36 - 15:39
    expose your services on the cloud
  • 15:43 - 15:44
    To recap:
  • 15:44 - 15:47
    When you want to expose your app,
    this is how it works.
  • 15:47 - 15:53
    We don't access the app directly
    but rather you access the cloud server
  • 15:54 - 15:57
    cloudflare server. Cloudflare will
    make exchanges
  • 15:57 - 16:00
    with your LAN network through Cloudflare
  • 16:00 - 16:01
    and then
  • 16:02 - 16:04
    It will give access to your app.
  • 16:05 - 16:09
    This way you don't access your app
    directly which means you don't expose your
  • 16:09 - 16:11
    IP and you don't go through the NAT
  • 16:11 - 16:13
    you don't need to open a port
  • 16:13 - 16:17
    but be careful if your app is insecure
    and you get hacked.
  • 16:17 - 16:20
    You directly expose all of your homelab
  • 16:20 - 16:23
    It doesn't matter if you use
    Cloudflare or not
  • 16:23 - 16:26
    Like and Share if you made it this far.
    See you in the next video
Title:
EXPOSE your Homelab to the INTERNET?! (Be Careful)
Description:

more » « less
Video Language:
English
Team:
Captions Requested
Duration:
16:28
Andersony07 published English subtitles for EXPOSE your Homelab to the INTERNET?! (Be Careful) May 30, 2025, 12:52 PM
Super Wolfkin published English subtitles for EXPOSE your Homelab to the INTERNET?! (Be Careful) Feb 24, 2025, 3:02 PM
Super Wolfkin edited English subtitles for EXPOSE your Homelab to the INTERNET?! (Be Careful) Feb 24, 2025, 3:02 PM
Super Wolfkin published English subtitles for EXPOSE your Homelab to the INTERNET?! (Be Careful) Feb 24, 2025, 1:21 AM
Super Wolfkin edited English subtitles for EXPOSE your Homelab to the INTERNET?! (Be Careful) Feb 24, 2025, 1:21 AM
Super Wolfkin edited English subtitles for EXPOSE your Homelab to the INTERNET?! (Be Careful) Feb 24, 2025, 12:35 AM
Super Wolfkin edited English subtitles for EXPOSE your Homelab to the INTERNET?! (Be Careful) Feb 24, 2025, 12:07 AM
Super Wolfkin edited English subtitles for EXPOSE your Homelab to the INTERNET?! (Be Careful) Feb 24, 2025, 12:03 AM
Show all

English subtitles

Revisions Compare revisions