I need help figuring out where I am going wrong or being an idiot, if people could point out where…

I have a server running Debian 12 and various docker images (Jellyfin, Home Assistant, etc…) controlled by portainer.

A consumer router assigns static Ip addresses by MAC address. The router lets me define the IP address of a primary/secondary DNS. The router registers itself with DynDNS.

I want to make this remotely accessible.

From what I have read I need to setup a reverse proxy, I have tried to follow various guides to give my server a cert for the reverse proxy but it always fails.

I figure the server needs the dyndns address to point at it but I the scripts pick up the internal IP.

How are people solving this?

  • Presi300@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    7 months ago

    Wireguard, simply connect to it whenever I’m out somewhere and boom, instant access to everything on my local network

  • Decronym@lemmy.decronym.xyzB
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    7 months ago

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

    Fewer Letters More Letters
    CF CloudFlare
    CGNAT Carrier-Grade NAT
    DNS Domain Name Service/System
    HTTP Hypertext Transfer Protocol, the Web
    IP Internet Protocol
    NAT Network Address Translation
    SSL Secure Sockets Layer, for transparent encryption
    SSO Single Sign-On
    TLS Transport Layer Security, supersedes SSL
    VPN Virtual Private Network
    VPS Virtual Private Server (opposed to shared hosting)
    nginx Popular HTTP server

    [Thread #695 for this sub, first seen 21st Apr 2024, 07:55] [FAQ] [Full list] [Contact] [Source code]

  • Jeena@jemmy.jeena.net
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    7 months ago

    I am using duckdns.org and let my router ping it when it’s public IP changes. Then I use nginx as a reverse proxy with help of https://nginxproxymanager.com/ so I don’t need to write config files and it also runs certbot for my so I don’t need to deal with https manually.

    Actually I also have my own domain so I use a subdomain pointing via CNAME to the duckdns subdomain. This way I can easily change the provider of dyndns.

  • redcalcium@lemmy.institute
    link
    fedilink
    English
    arrow-up
    0
    ·
    7 months ago

    By “remotely accessible”, do you mean remotely accessible to everyone or just you? If it’s just you, then you don’t need to setup a reverse proxy. You can use your router as a vpn gateway (assuming you have a static ip address) or you can use tailscale or zerotier.

    If you want to make your services remotely accessible to everyone without using a vpn, then you’ll need to expose them to the world somehow. How to do that depends on whether you have a static ip address, or behind a CGNAT. If you have a static ip, you can route port 80 and 443 to your load balancer (e.g. nginx proxy manager), which works best if you have your own domain name so you can map each service to their own subdomain in the load balancer. If you’re behind a GCNAT, you’re going to need an external server/vps to route traffics to its port 80 and 443 into your home network, essentially granting you a static ip address.

    • lud@lemm.ee
      link
      fedilink
      English
      arrow-up
      1
      ·
      7 months ago

      You don’t need a static IP to host a VPN. You can do it using a dynamic DNS which updates the DNS records to match your IP when/if it changes. You do need a public IP though, so CGNAT goes straight out.

  • mothar@lemmings.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    7 months ago

    The easiest and quickest way thats still safe is to just use tailscale.

    Its a zero config VPN that you can install on all your devices. I’ve been using it for quite some time now and I’m still fascinated by how easy to use it is.

    • Mir@programming.dev
      link
      fedilink
      English
      arrow-up
      0
      ·
      7 months ago

      I would want to go that appros but it feels very inconvenient having to connect to VPN every time I want to check something, also the battery drain if I stayed connected all the time

      • WASTECH@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        7 months ago

        I’ve been using Tailscale for about 2 months now. It has a VPN-on-demand setting that I keep enabled. That way, anytime I am not on my local WiFi, it automatically connects the VPN. According to my battery health settings, Tailscale has used 5% of my battery in the last 10 days. And I am even using a Mullvad exit node, which would use even more battery.

  • d3Xt3r@lemmy.nz
    link
    fedilink
    English
    arrow-up
    0
    ·
    7 months ago

    It’s easiest to just register a domain name and use Couldflare Tunnels. No need to worry about dynamic DNS, port forwarding etc. Plus, you have the security advantages of DDoS protection and firewall (WAF). Finally, you get portability - you can change your ISP, router or even move your entire lab into the cloud if you wanted to, and you won’t need to change a single thing.

    I have a lab set up on my mini PC that I often take to work with me, and it works the same regardless of whether it’s going thru my work’s restricted proxy or the NAT at home. Zero config required on the network side.

    • ___@lemm.ee
      link
      fedilink
      English
      arrow-up
      0
      ·
      7 months ago

      Just be careful as DNS and federated requests can leak your real ip even through the CF proxy.

      • KairuByte@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        1
        ·
        7 months ago

        If you’re only exposing your services through a cloudflare tunnel, it doesn’t even matter if they get your real IP.