Hi, I think I have gotten relativly familiar, with my home server settup
I have one dedicated NAS/homeserver and another one for testing and virtualization stuff.
SVR1 (NAS/Home SVR) has dual XEON E5506 CPU’s, which I might decided to drop to 2c/2t per CPU to decrease power consumption. And currently, I have 25 gb of RAM, 2x 1TB WD AV 2.5" drives, running on a IBM X3550 M3, with the fans running full power all the time. That is due to a an IMM problem.
SVR2 (Testing platform) IBM X3550 M3 with dual XEON X5570 and 48 GB of RAM, a couple of drives. Mostly fine.
I have a couple of services I would like to get access over the internet. The First one is nextcloud for my files, pushing files to server, and from there to other machines. Second one is getting access to our home CCTV system. The system uses a couple of IP-cameras, delivering video over the RTSP over TCP. We have been using an application called Tinycam pro, which allows us to monitor it. It has a way to setup to save the video if there is movement detected, and send those files to an FTP server.
I have been thinking of getting the two of these sources available over the internet, but I am not sure how to do that securily. My public IP address is static, and I can setup port-forwarding on that router.
What things do I need to take account? Should I look at deploying a VPN, or something totally else?
VPN for remote access. Either Wireguard or OpenVPN. Check out WG-Easy, its a docker container that makes WG Easy
For Nextcloud, you’ll want to setup external DNS through something like CloudFlare (Free) and then setup a reverse proxy like nginx Proxy Manager, and port forward 80/TCP and 443/TCP to the IP of the nginx server, and then just make an entry in nginx back to Nextcloud
If you use CloudFlare you can also use their tunnel server, caching, all that jazz
Be aware that opening your firewall introduces a whole new level of risk to your network. Even if you maximum secure the access point, it’s still an attack vector for malicious/criminal botnets to try and exploit. Unless you know what you’re doing security wise, don’t open your firewall.
Case in point: I’m an advanced user, but I keep my firewall closed at all times.
Allright, thanks for all the ideas!
I will be looking more in the VPN solutions
Currelty, I have tried a couple of times to get the wireguard installed on my server, but the issue is that I would need to setup that into a container, since I cannot get the linux base CLI to install it.
And yes, I have some idea about networking etc
I did my CCNA ITN course last spring, but this is in reality beyond that knowledge.
Edit
That WG-easy container looks good, might end up going with that, and then the fun part. DNS.
Not my favorite thing to touch, but I can deal with it.
I would say cloudflare would be the easier option based on this, setting up and DNS server isn’t probably the greatest option for me, due to my setup being behind NAT atm. And I need to make sure that other devices on the network used with VPN’s for work purposes still continue running.
Or just setting up a completely seperate LAN, since if I understood corretly, our ISP provides up to 5 IPv4 public ip addresses with our service plan. But that would require some major network overhauls.
And we are most likely switching ISP’s after the change of year, when (hopefully) our too good to be real fiber deal actually comes to install.
But IDK what the situation will be after the change.
Or the company running the fiber goes bankrupt.
Since our deal was to pay 400e for the physical work, and for 2 years, Full duplex gigabit for 4e more montly than our current hybrid ADSL 100/100
