Hi everyone, welcome back
So today we're going to try something a little bit different
We're gonna start a new video series
about all the different ways to expose or access our homelab
from the internet
The reason is mainly because there's tons of options out there.
and I feel like it's not talked enough about on YouTube
Especially the security part
which is most important
almost everyone just assumes it's secure which isn't always the case
so make sure to hit the like button
subscribe
and let's get started
okay so how to do it
to expose our homelab there are five main ways
1. Secure Tunnels like Cloudflare
2. Reverse proxies like Nginx
3. Traditional VPNs like WireGuard or OpenVPN
4. Mesh VPNs like ZeroTrust and Tailscale
and lastly the old classic port forwarding or NAT
So let's break down each one of them quickly to understand the differences
first secure tunnels like Cloudflare
This is often defined as secure tunnels to access your app without exposing your IP address
making remote access easy
it's also fairly easy to set up
however, by default it's not secured enough
and solely relying on your app security
but this can be improved
we'll cover this later in another video
next reverse proxies
like Nginx
it's a server that sits in the middle and forwards requests to your homelab
helping you manage multiple services under one domain
while adding another layer of protection
you will have more control over your services
and how to manage them
however, it exposes your IP and you must open a port on your router to access it
next, traditional VPNs like WireGuard or OpenVPN
it creates an encrypted tunnel between your device and
your home lab
making it feel like you are on the same local network
it's good for privacy and security
but only useful when you are the only user because
it's impossible to share access without sharing your private key
to other users
next, mesh VPNs
like ZeroTier or Tailscale
this is similar to normal VPNs except it connects devices between each other
instead of connecting them to a central server
it has more control over normal VPNs in the way that you can choose which devices to share
but you must manually join the network
each time for each device you want to give access to
finally NAT this is a classic way of opening specific ports on your router
to expose your homelab
its simplicity also carries high security risk if you rely on it alone.
keep in mind NAT often gets used with other
methods like previously shown
but going purely [on its own] port forwarding is a no-go for security setups
Now, you may be wondering,
What's the most secure setup
to expose your home lab?
Actually, [it] depends on your apps and what you want to do.
In my opinion, it's not about which method you use
but more about how you combine between them
The best setup is to mix them and make
them work all together
to have the perfect setup.
Okay so first let's go to cloudflare.com
Go to "Sign Up"
and free at the website
And let's create a new account now
After that if you already have [a] domain [previously purchased]
enter it here
or for me I'm just going to create a new domain.
For some reason I got an error
when trying to pay
So I'm just going to import an existing domain
Just going to type it here
Okay, so then go down
and choose the free package
Next click on continue to activation
confirm
Next we need to do some modifications
We need to modify the current name servers
with Cloudflare nameservers
To allow Cloudflare to control the domain
to do that
We go to the domain provider
in my case it's Namecheap
So in my case
I'm gonna do custom DNS
and then I copy...
the nameservers
and then I save
It tells you that it can take up to 48 hours
But it's not true it [can take] just a few seconds
or a few minutes max
But, just in case
If it takes a long time to update
Uh, this is normal so
just wait
There is no other choice
Okay, so after a while,
We get this page this means everything is good
Now we go to access page
and then NetZero™ Trust
We choose our account
Next you go to access
Next we choose team name
Just anything
Then we choose the free package of course
There is zero payment
Next we go to Networks
Tunnels
And we add a tunnel
We choose this one Cloudflared
We name our Tunnel
Homelab uh test
Next it will ask you to choose your home environment
In this case you just uh
You just choose Docker
and then we just copy the comment
because we just need the token
we don't need to run anything Docker
Then we go back to TrueNAS
and we install
the cloudflared app
This one
and here we got
best what we had
and we just keep
remove everything we just keep the token
So anything before this goes
That's it
We don't need to set up anything else
even storage, it's not necessary
and we install
okay now it's up and running
let's go back to cloudflared profile
now we need to wait until we get uh
Something here in connectors
It will automatically serve
Alright here we go
It's connected
So now we can continue
next
Now we're ready to add our first service
Let's start by adding TrueNAS itself
So let's just copy the IP
Then we choose the subdomain
TrueNAS
and choose the domain
then we choose HTTP
and then the IP
There is nothing specific to add there
That's save
To test this I'm going to disconnect from the VPN
Because I'm not at home I'm connected to my home VPN
So I'm just going to deactivate it
and try this
To show that likely if I try to go to the same IP
it's not going to work
because I disconnected from the VPN
and if I try
a domain
from the new domain
it works
so now
TrueNAS is accessible
from the outside
But this is not recommended of course
If you want to expose something
just expose the apps individually
don't expose the whole thing
so
So now I'm just going to delete it
and then I'm gonna add something else
Okay now I want to add another service
Maybe, Proxmox
Let's go to add the public [sub] domain
Proxmox
same thing
here we're going to choose HTTPS instead of HTTP
and then the IP
as well as the port which is 8...
8006
and then we go to additional settings > TLS
and we enable no TLS verify
it will not check certificates
now let's save
let's try again now
Nice! Now it works
and we'll disconnect the VPN
and refresh
and it still works
Okay now before we're finishing the video
let's do
one last service which is
paperless
Since we already covered this in a previous video
We're going to see how to expose this
Why did I choose paperless because
it's a bit tricky to set up
it's not as simple as
adding the host name
So, let's see first we just add the host name of course
same thing as always
HTTPS, and then we take the URL
which is IP and Port
It chooses HTTP node to HTTPS
Service name
So first it's gonna work normally
If I try to access
Alright
Uh, but the problem is when you
try to log in
You get this
error. CSRF verification failed.
Why?
We need to change some settings
to make it accessible
According to the documentation
we need to set this environment variable (PAPERLESS_URL)
Uh and uh, set it to the domain name
We used in the closer
So let's do that
go to paperless > Edit
and let's just add it as an environment variable there
PAPERLESS_URL
set it to paperless.yourdomainname
make sure to add HTTPS to the beginning
and that's it
update
In case you got stuck in deploying
which was the case for me
I'm not sure why but the container paperless
just stuck like this for a long time
So what I did is stop this instance
and create another instance
using the already created datasets
So you're not going to lose anything
of your files
So let's start another instance
Let's call it paperless-cloudflare
We can change password if you want
By the way you can choose any secret key
you want. Just want some random stuff
You don't need to remember it.
Okay, add an email
just a fake email.
Password.
Now we add again environment variable
PAPERLESS_URL
HTTPS
paperless…
dot
your domain
and then we add the other host path
paperless this is the data
let's copy this
And now Media
and then Consume
and Trash
this is postscript
Make sure to check "Automatic Permissions"
Then we hit install
Let's wait [a] little bit
It works but it takes some time
Okay now it's running
Let's start it
First let's get the IP
I mean let's get the part-- IP is the same
Go back to Cloudflare
Hit it
Going to put the new port
Save
Let's try now
Okay, now new password
And now it works. We don't got the error
the previous error.
And as you can see we still have the documents
as before we didn't lose anything
We still got all our documents
Open them