-
Not Synced
Hi everyone, welcome back
-
Not Synced
So today we're going to try something a little bit different
-
Not Synced
We're gonna start a new video series
-
Not Synced
about all the different ways to expose or access our homelab
-
Not Synced
from the internet
-
Not Synced
The reason is mainly because there's tons of options out there.
-
Not Synced
and i feel like it's not talked enough about on YouTube
-
Not Synced
Especially the security part
-
Not Synced
which is most important
-
Not Synced
almost everyone just assumes it's secure which isn't always the case
-
Not Synced
so make sure to hit the like button
-
Not Synced
subscribe
-
Not Synced
and let's get started
-
Not Synced
okay so how to do it
-
Not Synced
to expose our homelab there are five main ways
-
Not Synced
1. Secure Tunnels like Cloudflare
-
Not Synced
2. Reverse proxies like Nginx
-
Not Synced
3. Traditional VPNs like Wireguard or OpenVPN
-
Not Synced
4. Mesh VPNs like ZeroTrust and Tailscale
-
Not Synced
and lastly the old classic port forwarding or NAT
-
Not Synced
So let's break down each one of them quickly to understand the differences
-
Not Synced
first secure tunnels like Cloudflare
-
Not Synced
This is often defined as secure tunnels to access your app without exposing your IP address
-
Not Synced
making remote access easy
-
Not Synced
it's also fairly easy to setup
-
Not Synced
however, by default it's not secured enough
-
Not Synced
and solely reling on your app security
-
Not Synced
but this can be improved
-
Not Synced
we'll cover this later in another video
-
Not Synced
next reverse proxies
-
Not Synced
like nginx
-
Not Synced
it's a server that sits in the middle and forward requests to your homelab
-
Not Synced
helping you manage multiple services under one domain
-
Not Synced
while adding another layer of protection
-
Not Synced
you will have more control over your services
-
Not Synced
and how to manage them
-
Not Synced
however, it exposes your IP and you must open a port on your router to access it
-
Not Synced
next, traditional VPNs like Wireguard or OpenVPN
-
Not Synced
it created an encrypted tunnel between your device and
-
Not Synced
your home lab
-
Not Synced
making it feel like you are on the same local network
-
Not Synced
it's good for privacy and security
-
Not Synced
but only useful when you are the only user because
-
Not Synced
it's impossible to share access without sharing your private key
-
Not Synced
to other users
-
Not Synced
next, mesh VPNs
-
Not Synced
like ZeroTier or Tailscale
-
Not Synced
this is similar to normal VPns except it connects devices between each other
-
Not Synced
instead of connecting them to a central server
-
Not Synced
it has more control over normal VPNs in the way that you can choose which devices to share
-
Not Synced
but you must manually join the network
-
Not Synced
each time for each devices you want to give access to
-
Not Synced
finally NAT this is a classic way of opening specific ports on your router
-
Not Synced
to expose your homelab
-
Not Synced
it's simplicity also carries high security risk if you rely on it alone.
-
Not Synced
keep in mind NAT often gets used with other
-
Not Synced
methods like previously showed
-
Not Synced
but going purely [on it's own] port forwarding is a no-go for security setups
-
Not Synced
Now, you may be wondering,
-
Not Synced
What's the most secure setup?
-
Not Synced
to expose your home lab?
-
Not Synced
Actually, [it] depends on your apps and what you want to do?
-
Not Synced
In my opinion, it's not about which method you use
-
Not Synced
but more about how you combine between them
-
Not Synced
The best setup is to mix them and make
-
Not Synced
them work all together
-
Not Synced
to have the perfect setup.
-
Not Synced
Okay so first let's go to cloudflare.com
-
Not Synced
Go to "Sign Up"
-
Not Synced
and free at the website
-
Not Synced
And let's create a new account now
-
Not Synced
After that if you already have [a] domain [previously purchased]
-
Not Synced
enter it here
-
Not Synced
or for me I'm just going to create a new domain.
-
Not Synced
For some reason I got an error
-
Not Synced
when trying to pay
-
Not Synced
So I'm just going to import an existing domain
-
Not Synced
Just going to type it here
-
Not Synced
Okay, so then go down
-
Not Synced
and choose the free package
-
Not Synced
Next click on continue to activation
-
Not Synced
confirm
-
Not Synced
Next we need to do some modifications
-
Not Synced
We need to modify, the current name servers
-
Not Synced
with Cloudflare nameservers
-
Not Synced
To allow cloudflare to control the domain
-
Not Synced
to do that
-
Not Synced
We go to the domain provider
-
Not Synced
in my case it's NameCheap
-
Not Synced
So in my case
-
Not Synced
I'm gonna do custom DNS
-
Not Synced
and then I copy....
-
Not Synced
the nameservers
-
Not Synced
and then I save
-
Not Synced
It tells you that it can take
up to 48 hours
-
Not Synced
But it's not true it [can take] just a few seconds
-
Not Synced
or a few minutes max
-
Not Synced
But, just in case
-
Not Synced
If it take a long time to update
-
Not Synced
Uh, this is normal so
-
Not Synced
just wait
-
Not Synced
There is no other choice
-
Not Synced
Okay, so after a while,
-
Not Synced
We get this page this means everything is good
-
Not Synced
Now we go to access page
-
Not Synced
and then NetZero™ Trust
-
Not Synced
We choose our account
-
Not Synced
Next you go to access
-
Not Synced
Next we choose teamname
-
Not Synced
Just anything
-
Not Synced
Then we choose the free package of course
-
Not Synced
There is zero payment
-
Not Synced
Next we go to Networks
-
Not Synced
Tunnels
-
Not Synced
And we add a tunnel
-
Not Synced
We choose this one Cloudflared
-
Not Synced
We name our Tunnel
-
Not Synced
Homelab uh test
-
Not Synced
Next it will ask you to choose your home environment
-
Not Synced
In this case you just uh
-
Not Synced
You just choose docker
-
Not Synced
and then we just copy the comment
-
Not Synced
because we just need the token
-
Not Synced
we don't need to run anything docker
-
Not Synced
Then we go back to TrueNAS
-
Not Synced
and we install
-
Not Synced
the cloudflared app
-
Not Synced
This one
-
Not Synced
and here we got
-
Not Synced
best what we had
-
Not Synced
and we just keep
-
Not Synced
remove everything we just keep the token
-
Not Synced
So anything before this goes
-
Not Synced
That's it
-
Not Synced
We don't need to setup anything else
-
Not Synced
even storage, it's not necessary
-
Not Synced
and we install
-
Not Synced
okday now it's up and running
-
Not Synced
let's go back to cloudflared profile
-
Not Synced
now we need to wait until we get uh
-
Not Synced
Something here in connectors
-
Not Synced
It will automatically serve
-
Not Synced
Alright here we go
-
Not Synced
It's connected
-
Not Synced
So now we can continue
-
Not Synced
next
-
Not Synced
Now we're ready to add our first service
-
Not Synced
Let's start by adding TrueNAS itself
-
Not Synced
So let's just copy the IP
-
Not Synced
Then we choose the subdomain
-
Not Synced
TrueNAS
-
Not Synced
and choose the domain
-
Not Synced
then we choose HTTP
-
Not Synced
and then the IP
-
Not Synced
There is nothing specific to add there
-
Not Synced
That's save
-
Not Synced
To test this I'm going to disconnect from the VPN
-
Not Synced
Because i'm not at home I'm connected to my home VPN
-
Not Synced
So i'm just going to deactivate it
-
Not Synced
and try this
-
Not Synced
To show that likely if I try to go to the same IP
-
Not Synced
it
-
Not Synced
s not going to work
-
Not Synced
because I disconnected from the VPN
-
Not Synced
and if I try
-
Not Synced
a domain
-
Not Synced
from the new domain
-
Not Synced
it works
-
Not Synced
so now
-
Not Synced
TrueNAS is accessible
-
Not Synced
from the outside
-
Not Synced
But this is not recommended of course
-
Not Synced
If you want to expose something
-
Not Synced
just expose the apps individually
-
Not Synced
don't expose the whole thing
-
Not Synced
so
-
Not Synced
So now I'm just going to delete it
-
Not Synced
and then I'm gonna add something else
-
Not Synced
Okay now I want to add another service
-
Not Synced
Maybe, ProxMox
Captions Requested
