I’m pretty new to selfhosting and homelabs, and I would appreciate a simple-worded explanation here. Details are always welcome!

So, I have a home network with a dynamic external IP address. I already have my Synology NAS exposed to the Internet with DDNS - this was done using the interface, so didn’t require much technical knowledge.

Now, I would like to add another server (currently testing with Raspberry Pi) in the same LAN that would also be externally reachable, either through a subdomain (preferable), or through specific ports. How do I go about it?

P.S. Apparently, what I’ve tried on the router does work, it’s just that my NAS was sitting in the DMZ. Now it works!

  • pleksi@sopuli.xyzEnglish
    4·
    4 hours ago

    I really feel like people who are beginners shouldnt play with exposing their services. When you set up Caddy or some other reverse proxy and actually monitor it with something like fail2ban you can see that the crawlers etc are pretty fast to find your services. If any user has a very poor password (or is reusing a leaked one) then someone has pretty open access to their stuff and you wont even notice unless you’re logging stuff.

    Of course you can set up 2FA etc but that’s pretty involved compared to a simple wg tunnel that lives on your router.

    • Allero@lemmy.todayOPEnglish
      1·
      1 hour ago

      For now I’m only toying around, experimenting a little - and then closing ports and turning my Pi off. I do have my NAS constantly exposed, but it is solidly hardened (firewall, no SSH, IP bans for unauthorized actions, etc. etc.), fully updated, hosts no sensitive data, and all that is important is backed up on an offline drive.

    • r0ertel@lemmy.worldEnglish
      1·
      2 hours ago

      My mantra is “plan to be hacked”. Whether this is a good backup strategy, a read-only VM, good monitoring or serious firewall rules.