help on setting up home lab (networking) (lemmy.ml)

submitted 1 day ago* (last edited 4 hours ago) by t0mri@lemmy.ml to c/linux@lemmy.ml

8 comments fedilink hide all child comments

+-----------------+
| . local server  |
+-.---------------+
< . >
< . >
< . >
< . >
< . >
+-.-----------------------+
| . serveo/localhost.run  |
+-.-----------------------+
< . >
< . >               +----------------------+
< . >               |   .   raw data       |
< . >               | < . > encrypted data |
< . >               +----------------------+
+-.----------+
| . clients  |
+------------+

hellow,

i wanna host things (nextcloud, bin, syncthing) myself but im under cg nat so i cant do it the regular way. i have to tunnel my way out. the only concern is that, the raw data is readable by the ssh server (ie. serveo/localhost.run), but i dont anyone elses eyes on my data

sorry for my broken english.

edit:

syncthing (solved): https://docs.syncthing.net/users/untrusted.html
bin (solved): https://github.com/HemmeligOrg/Hemmelig.app?tab=readme-ov-file#features
nextcloud: ???

please clarify me.

if i setup a vpn which provides encryption on my local server, can i go like this

+------------------+
|   . local server |
+-< . >------------+
 << . >>
 << . >>
 << . >>
 << . >>
 << . >>
+-< . >----------------------+
| < . > serveo/localhost.run |
+-< . >----------------------+
 << . >>
 << . >>               +-------------------------------------+
 << . >>               |    .   raw data                     |
 << . >>               |  < . > vpn encrypted data           |
 << . >>               | << . >> vpn encrypted data over tls |
 << . >>               +-------------------------------------+
+-< . >-------+
|   . clients |
+-------------+

sorry i dont know how to express this in words

top 8 comments

sorted by: hot top controversial new old

[-] bloodfart@lemmy.ml 4 points 14 hours ago

The short answer is: you can’t do this.

The long answer is: you need to go through the process of getting a server you own and have provisioned installed at some colocation/datacenter place. It will be expensive to buy the server, expensive to buy rack space, and you will need to go through significant background and security checks in order to be allowed by the company to do this.

If that sounds terrible, and it is, you can use an overlay network like nebula. It still requires that you have a “server” somewhere, but you can use a $10/yr vps to host that. Your “server” is, in nebula’s terminology, the “lighthouse” node. All it does is punch through nats so people who connect to your overlay vpn are able to see each other.

Your vps provider can still see your data on the lighthouse though, so don’t keep your root certificate on it and use unique credentials. Traffic doesn’t flow through the lighthouse, so you don’t need to worry about snooping, but it’s possible for the vps provider to add themselves to the trusted certificate and get on your vpn. So you have to have good security on your internal network.

[-] t0mri@lemmy.ml 1 points 5 hours ago

thanks for both answers. the second option, one i cant afford.

i did some research, the first the answer is partilly correct ig. for example syncthing offers password protection (https://docs.syncthing.net/users/untrusted.html) and for the bin, it provides client side encryption (https://github.com/HemmeligOrg/Hemmelig.app?tab=readme-ov-file#features) which will protect me even over plain http connection ig. please correct me if im wrong

these are product specific feature, so generally, as you said, no is the answer ig. i wish nextcloud offers something like. thanks again

[-] PureTryOut@lemmy.kde.social 14 points 1 day ago

I personally rent the cheapest VPS I could find and put Tailscale on it. My server at home then connects to that Tailscale network and the VPS runs nginx acting as a proxy forwarding everything to the server through Tailscale.

Besides having no annoying networking issues it also has the benefit that I can move houses without having to update A records to have the domain point to the new IP address because the VPS IP ofc remains the same.

[-] t0mri@lemmy.ml 1 points 5 hours ago* (last edited 4 hours ago)

wait. please clarify me.

if i setup a vpn which provides encryption on my local server, can i go like this

+------------------+
|   . local server |
+-< . >------------+
 << . >>
 << . >>
 << . >>
 << . >>
 << . >>
+-< . >----------------------+
| < . > serveo/localhost.run |
+-< . >----------------------+
 << . >>
 << . >>               +-------------------------------------+
 << . >>               |    .   raw data                     |
 << . >>               |  < . > vpn encrypted data           |
 << . >>               | << . >> vpn encrypted data over tls |
 << . >>               +-------------------------------------+
+-< . >-------+
|   . clients |
+-------------+

sorry i dont know how to express this in words

[-] schizo@forum.uncomfortable.business 2 points 17 hours ago* (last edited 16 hours ago)

Another (and to some degree more flexible AND simpler) solution is rathole: still requires you to host it somewhere, but it's got a little more flexibility.

Edit: I'm not a fan of VPN tunnels in general, because for most people all you've done is made a remote server that, if it's compromised, will have unfettered and complete access to your internal network via the VPN tunnel.

There are ways to mitigate that but, for what I suspect is the majority of people asking about how to do this, they're outside of a reasonable technical ask.

(Rathole works similar to an argo tunnel, in that it initiates a connection to the VPS, and then passes traffic limited to a specific port or application back and forth, rather than being a nice open tunnel.

[-] kionite231@lemmy.ca 4 points 1 day ago

That ASCII art breaks on mobile devices :/

[-] seaQueue@lemmy.world 5 points 1 day ago

It's mostly fine on my phone, just go landscape to see the broken bit

[-] flashgnash@lemm.ee 1 points 1 day ago

Looks fine for me using the web interface

this post was submitted on 21 Sep 2024

30 points (96.9% liked)

Linux

47372 readers

1040 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago

MODERATORS

AgreeableLandscape@lemmy.ml

nooter692@lemmy.ml

MarcellusDrum@lemmy.ml

cypherpunks@lemmy.ml

cyclohexane@lemmy.ml

d3Xt3r@lemmy.nz