[SOLVED] ELI5: How to put several servers on one external IP?
-
Your stuff is more likely to get scanned sitting in a VPS with no firewall than behind a firewall on a home network
Unless your home internet is CG-NAT, both have a publicly accessible IP address, so both will be scanned
-
It seems you are missing some very basic knowledge, if you have questions like this. Watch/read some tutorials to get the basics, than ask specific questions.
This guy does the same thing as you: https://www.youtube.com/watch?v=yLduQiQXorc
This was like the 3rd result for searching for nginxproxymanager on yt.
wrote last edited by [email protected]Guess I am going ahead of myself, yes, which gets even more complicated by having another server (Synology NAS) already installed and messing with networking a little, as internal settings appear to expect the NAS to be the only exposed thing on the network.
Thanks for the link! I've seen that thumbnail, but most guides are solely focused on actually installing Nginx Proxy Manager, which is the easy part, and skip the rest, so I glanced that one over.
P.S. Looks like I did everything right, I just need to sort my SSL stuff to work properly.
-
I'm pretty new to selfhosting and homelabs, and I would appreciate a simple-worded explanation here. Details are always welcome!
So, I have a home network with a dynamic external IP address. I already have my Synology NAS exposed to the Internet with DDNS - this was done using the interface, so didn't require much technical knowledge.
Now, I would like to add another server (currently testing with Raspberry Pi) in the same LAN that would also be externally reachable, either through a subdomain (preferable), or through specific ports. How do I go about it?
P.S. Apparently, what I've tried on the router does work, it's just that my NAS was sitting in the DMZ. Now it works!
The synology NAS can act as a reverse proxy for stuff inside your network. I don't have mine in front of me, so you will have to google the steps, but basically you point the synology to an internal resource and tell it what external subdomain it should respond to.
-
I'm pretty new to selfhosting and homelabs, and I would appreciate a simple-worded explanation here. Details are always welcome!
So, I have a home network with a dynamic external IP address. I already have my Synology NAS exposed to the Internet with DDNS - this was done using the interface, so didn't require much technical knowledge.
Now, I would like to add another server (currently testing with Raspberry Pi) in the same LAN that would also be externally reachable, either through a subdomain (preferable), or through specific ports. How do I go about it?
P.S. Apparently, what I've tried on the router does work, it's just that my NAS was sitting in the DMZ. Now it works!
wrote last edited by [email protected]Good to hear you figured it out with router settings. I'm also new to this but got all that figured out this week. As other commenters say I went with a reverse proxy and configured it. I choose caddy over nginx for easy of install and config. I documented just about every step of the process. I'm a little scared to share my website on public fourms just yet but PM me ill send you a link if you want to see my infrastructure page where I share the steps and config files.
-
The synology NAS can act as a reverse proxy for stuff inside your network. I don't have mine in front of me, so you will have to google the steps, but basically you point the synology to an internal resource and tell it what external subdomain it should respond to.
Yes, I know where this feature is in the settings, but it's got its own issues and I also turn the NAS off for the night, so it's not an option for me.
-
Good to hear you figured it out with router settings. I'm also new to this but got all that figured out this week. As other commenters say I went with a reverse proxy and configured it. I choose caddy over nginx for easy of install and config. I documented just about every step of the process. I'm a little scared to share my website on public fourms just yet but PM me ill send you a link if you want to see my infrastructure page where I share the steps and config files.
Thanks, I will! Wise of you not to share it publicly for security reasons
-
I'm pretty new to selfhosting and homelabs, and I would appreciate a simple-worded explanation here. Details are always welcome!
So, I have a home network with a dynamic external IP address. I already have my Synology NAS exposed to the Internet with DDNS - this was done using the interface, so didn't require much technical knowledge.
Now, I would like to add another server (currently testing with Raspberry Pi) in the same LAN that would also be externally reachable, either through a subdomain (preferable), or through specific ports. How do I go about it?
P.S. Apparently, what I've tried on the router does work, it's just that my NAS was sitting in the DMZ. Now it works!
You already have a lot of good answers ... but I got one more to add.
I have a very similar setup on my homelab and I'm using a Cloudflare tunnel.
It's a free service and it's really good because it allows you to expose web services and specific ports for remote access over dynamic IPs without having to expose your own router.
https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/
-
You already have a lot of good answers ... but I got one more to add.
I have a very similar setup on my homelab and I'm using a Cloudflare tunnel.
It's a free service and it's really good because it allows you to expose web services and specific ports for remote access over dynamic IPs without having to expose your own router.
https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/
wrote last edited by [email protected]Thanks! I got that advice as well, but I would like to keep it self-hosted - I consider using Pangolin on a VPS for that purpose going forward: https://github.com/fosrl/pangolin
Also, beware of the new attack on Cloudflare Tunnel:
https://www.csoonline.com/article/4009636/phishing-campaign-abuses-cloudflare-tunnels-to-sneak-malware-past-firewalls.html -
Yes, I know where this feature is in the settings, but it's got its own issues and I also turn the NAS off for the night, so it's not an option for me.
Why do you turn off the NAS at night? Reminds me of my grandparents turning off the wifi at night.
-
Yes, I know where this feature is in the settings, but it's got its own issues and I also turn the NAS off for the night, so it's not an option for me.
then its not selfhosting.
-
Why do you turn off the NAS at night? Reminds me of my grandparents turning off the wifi at night.
wrote last edited by [email protected]Drives are somewhat noisy (even though I took fairly quiet ones) and I appreciate total silence at night. Unfortunately, I don't have many places to put it outside my single room, so there's that.
I'd love to move to SSDs for storage at some point (I know it's controversial, but they would fit my use case better), but for now it's too expensive for me.
-
then its not selfhosting.
In what way? It is a physical server located in my bedroom, sharing resources online.
-
Drives are somewhat noisy (even though I took fairly quiet ones) and I appreciate total silence at night. Unfortunately, I don't have many places to put it outside my single room, so there's that.
I'd love to move to SSDs for storage at some point (I know it's controversial, but they would fit my use case better), but for now it's too expensive for me.
Ahh, that's valid. I've been wanting to build a (relatively) small 16TB SSD NAS for video editing, after which I could dump footage to my main NAS. SSD NAS systems can definitely make sense depending on your use case. Hell, you can even game off of them if you've got 10gig networking.
-
Ahh, that's valid. I've been wanting to build a (relatively) small 16TB SSD NAS for video editing, after which I could dump footage to my main NAS. SSD NAS systems can definitely make sense depending on your use case. Hell, you can even game off of them if you've got 10gig networking.
wrote last edited by [email protected]I'd love to eventually have a 10gbps LAN, yep
I'd also love to explore the technology going into cloud gaming, so not only would I launch games using files laying on the server, but could actually play them everywhere from my energy efficient potato laptop
But that's long ahead and more of an "if it even works properly"
-
Pretty solid!
Though insta-ban on everything :80/443 may backfire - too easy to just enter the domain name without subdomain by accident.Could be indeed. Looking at the nginx logs, setting a permaban on trying to access /git and a couple of others might catch 99% of bots too. And ssh port ban trigger (using knockd for example) is also pretty powerful yet safe.
-
Not sure why you're downvote, you're absolutely right. People scan for open ports all day long and will eventually find your shit and try to break in. In my work environment, I see thousands of login attempts daily on brand new accounts, just because something discovered they exist and want to check it out.
Those who have not been burned yet often don't expect it to happen to them. Usually it isn't anything big causing it but some typo in a config or software not updated on time.
-
In what way? It is a physical server located in my bedroom, sharing resources online.
Dude above you over is under the perception that it requires 100% uptime or other users to to be classified, which is wrong. You are definitely self hosting, albeit only for yourself I assume. Which is fine
-
Thanks! I got that advice as well, but I would like to keep it self-hosted - I consider using Pangolin on a VPS for that purpose going forward: https://github.com/fosrl/pangolin
Also, beware of the new attack on Cloudflare Tunnel:
https://www.csoonline.com/article/4009636/phishing-campaign-abuses-cloudflare-tunnels-to-sneak-malware-past-firewalls.htmlThis attack targets end users, not Cloudflare tunnel operators (i.e. self-hosters). It abuses Cloudflare Tunnels as a delivery mechanism for malware payloads, not as a method to compromise or attack people who are self-hosting their own services through Cloudflare Tunnels.
-
While not supportive of Big Tech, I do appreciate your piece of advice, and understand self-hosting needs differ!
P.S. Also beware, seems like there's a new attack through Tunnels:
Again, attack targets end users, not Cloudflare tunnel operators: It abuses Cloudflare Tunnels as a delivery mechanism for malware payloads, not as a method to compromise or attack people who are self-hosting their own services through Cloudflare Tunnels.
-
I'm pretty new to selfhosting and homelabs, and I would appreciate a simple-worded explanation here. Details are always welcome!
So, I have a home network with a dynamic external IP address. I already have my Synology NAS exposed to the Internet with DDNS - this was done using the interface, so didn't require much technical knowledge.
Now, I would like to add another server (currently testing with Raspberry Pi) in the same LAN that would also be externally reachable, either through a subdomain (preferable), or through specific ports. How do I go about it?
P.S. Apparently, what I've tried on the router does work, it's just that my NAS was sitting in the DMZ. Now it works!
What are you running?
If it is http based use a reverse proxy like Caddy
