Honestly Cloudflare Tunnels could be a very simple way to do it. I've always had tremendous luck with it. By using CF you can let them do all the heavy lifting instead of hosting your own... as long as you trust them.

This only guarantees your WANip:8100 will map to 192.168.0.113:81, and doesn't address whether or not dns resolution is correct. I would also be weary of using port numbers on wikipedia's known ports list, as some ISPs will filter those upstream. The last thing is that your router may not want to hairpin that traffic, so if you're not coming in from the outside it might not be a valid test.

While not supportive of Big Tech, I do appreciate your piece of advice, and understand self-hosting needs differ!

P.S. Also beware, seems like there's a new attack through Tunnels:

https://www.csoonline.com/article/4009636/phishing-campaign-abuses-cloudflare-tunnels-to-sneak-malware-past-firewalls.html

I'm pretty new to selfhosting and homelabs, and I would appreciate a simple-worded explanation here. Details are always welcome!

So, I have a home network with a dynamic external IP address. I already have my Synology NAS exposed to the Internet with DDNS - this was done using the interface, so didn't require much technical knowledge.

Now, I would like to add another server (currently testing with Raspberry Pi) in the same LAN that would also be externally reachable, either through a subdomain (preferable), or through specific ports. How do I go about it?

P.S. Apparently, what I've tried on the router does work, it's just that my NAS was sitting in the DMZ. Now it works!

Who is externally reaching these servers?
Joe public? Or just you and people you trust?

If it's Joe public, I wouldn't have the entry point on my home network (I might VPS tunnel, or just VPS host it).

If it's just me and people I trust, I would use VPN for access, as opposed to exposing all these services publicly

Actually, I do - 81 is exactly the default port for nginx proxy manager. I just tried to expose it as a testing example, and already closed it back after a success (apparently port forwarding worked just fine, it's just that DMZ messed with it)

And since we're talking about this, what do I do with it next? I have it on my Pi, how do I ensure traffic is distributed through it as a reverse proxy? Do I need to expose ports 80 and 443 and then it would work automagically all by itself?

I'm pretty new to selfhosting and homelabs, and I would appreciate a simple-worded explanation here. Details are always welcome!

So, I have a home network with a dynamic external IP address. I already have my Synology NAS exposed to the Internet with DDNS - this was done using the interface, so didn't require much technical knowledge.

Now, I would like to add another server (currently testing with Raspberry Pi) in the same LAN that would also be externally reachable, either through a subdomain (preferable), or through specific ports. How do I go about it?

P.S. Apparently, what I've tried on the router does work, it's just that my NAS was sitting in the DMZ. Now it works!

Who is externally reaching these servers?
Joe public? Or just you and people you trust?

If it's Joe public, I wouldn't have the entry point on my home network (I might VPS tunnel, or just VPS host it).

If it's just me and people I trust, I would use VPN for access, as opposed to exposing all these services publicly

I'm pretty new to selfhosting and homelabs, and I would appreciate a simple-worded explanation here. Details are always welcome!

So, I have a home network with a dynamic external IP address. I already have my Synology NAS exposed to the Internet with DDNS - this was done using the interface, so didn't require much technical knowledge.

Now, I would like to add another server (currently testing with Raspberry Pi) in the same LAN that would also be externally reachable, either through a subdomain (preferable), or through specific ports. How do I go about it?

P.S. Apparently, what I've tried on the router does work, it's just that my NAS was sitting in the DMZ. Now it works!

They are a plague with how prevalent they have become.

The internet shouldn’t put all its eggs into one basket.

It’s just another centralized entity which will lead to monopolized power. It goes against what we are trying to do with federated networks like Lemmy and mastodon.

I'm pretty new to selfhosting and homelabs, and I would appreciate a simple-worded explanation here. Details are always welcome!

So, I have a home network with a dynamic external IP address. I already have my Synology NAS exposed to the Internet with DDNS - this was done using the interface, so didn't require much technical knowledge.

Now, I would like to add another server (currently testing with Raspberry Pi) in the same LAN that would also be externally reachable, either through a subdomain (preferable), or through specific ports. How do I go about it?

P.S. Apparently, what I've tried on the router does work, it's just that my NAS was sitting in the DMZ. Now it works!

I'm pretty new to selfhosting and homelabs, and I would appreciate a simple-worded explanation here. Details are always welcome!

So, I have a home network with a dynamic external IP address. I already have my Synology NAS exposed to the Internet with DDNS - this was done using the interface, so didn't require much technical knowledge.

Now, I would like to add another server (currently testing with Raspberry Pi) in the same LAN that would also be externally reachable, either through a subdomain (preferable), or through specific ports. How do I go about it?

P.S. Apparently, what I've tried on the router does work, it's just that my NAS was sitting in the DMZ. Now it works!

Just me and the people I trust, but there are certain inconveniences around using VPN for access.

First, I live in the jurisdiction that is heavily restrictive, so VPN is commonly in use to bypass censorship

Second, I sometimes access my data from computers I trust but can't install VPN clients on

Third, I share my NAS resources with my family, and getting my mom to use a VPN every time she syncs her photos is near impossible

So, fully recognizing the risks, I feel like I have to expose a lot of my services.

I'm pretty new to selfhosting and homelabs, and I would appreciate a simple-worded explanation here. Details are always welcome!

So, I have a home network with a dynamic external IP address. I already have my Synology NAS exposed to the Internet with DDNS - this was done using the interface, so didn't require much technical knowledge.

Now, I would like to add another server (currently testing with Raspberry Pi) in the same LAN that would also be externally reachable, either through a subdomain (preferable), or through specific ports. How do I go about it?

P.S. Apparently, what I've tried on the router does work, it's just that my NAS was sitting in the DMZ. Now it works!

Remember that with services facing public internet it's not about if you get hacked but when you get hacked. It's personal photos on someone elses hands then.

You type the ip of the rpi on the router, so from an external call the router will forward it to the rpi. Or I don't know what is your question.

Things may seem automagical in the networking scene, but you can config anything the way you want. Even in nginxproxymanager you can edit the underlying actual nginx configs with their full power. The automagic is just the default setting.

If you go with IPv6, all your devices/servers have their own IP. These IPs are valid in your LAN as well a externally.

But it's still important to use a reverse proxy (e.g. for TLS).

VPN is definitely the way to go for home networks. Your router even has one built in. OpenVPN and Wireguard are good.

If you really want to expose stuff like this the proper way is to isolate your home network from your internet exposed network using a VLAN. Then use a reverse proxy, like caddy and place everything behind it.

Another benefit of a reverse proxy is you don't need to setup https certs on everything just the proxy.

You do need a business or prosumer router for this though. Something like Firewalla or setting up a OpenWRT or OPNsense.

Synology also has there quick connect service as well. While not great if you keep UPNP off and ensure your firewall and login rate limiting is turned on it may be better then just directly exposing stuff. But its had its fair share of problems so yeah.

Consider not self hosting everything. For example if all your family cares about is private photo storage, consider using a open source E2EE encrypted service for photos on the cloud like Ente Photos. Then you can use VPN for the rest. https://www.privacyguides.org/ has some recommendations for privacy friendly stuff.

Also consider the fallout that would happen if you are hacked. If all your photos and other things get leaked because your setup was not secure was it really any better than using big tech?

If nothing else please tell me you are using properly setup https certs from Let's Encrypt or another good CA. Using a firewall and have login rate limiting setup on everything that is exposed. You can also test your SSL setup using something like https://www.ssllabs.com/ssltest/

Whispers “try proxmox”

Remember that with services facing public internet it's not about if you get hacked but when you get hacked. It's personal photos on someone elses hands then.