For now just some experiments alongside NAS
Planning to host Bitwarden, Wallabag and other niceties on the server, and then when I get something more powerful, spin up Minecraft server and stuff
Comment on ELI5: How to put several servers on one external IP?
possiblylinux127@lemmy.zip 2 days ago
What are you running?
If it is http based use a reverse proxy like Caddy
Allero@lemmy.today 2 days ago
greybeard@feddit.online 1 day ago
I'll be honest, if you aren't planning on sharing with others, I'd recommend switching to something like wireguard to connect back into your house instead of exposing everything publicly. Some firewalls have wireguard built in, so you can setup the VPN easily. But then all you have to do is keep your VPN endpoint safe to keep your internal network protected from the Internet, instead of having to worry about the security of everything you expose.
Allero@lemmy.today 1 day ago
That’s a good piece of advice, but die to several considerations (extreme censorship interrupting VPN connections, family accessing the NAS, and some others) I cannot go that route.
greybeard@feddit.online 1 day ago
There's nothing saying you can't have ports forwarded for the NAS, and have a VPN for everything else. Censorship may be a problem, but those more often block VPN services like NordVPN, not protocols. So running your own is less likely to be stopped. That said, of course comply with local laws, I don't know where you live or what's legal there.
If you really want multiple things exposed at the same time, you have two options(which can be used in combination if needed/wanted):
- A reverse proxy. I use caddy. I give it a config file that says what address and port binds to what hostname, and I forward port 443/80 to it. That works great for web content.
- Use custom ports for everything. I saw someone else walking you through that. It works, but is a little harder to remember, so good notes will be important.
I still recommend against forwarding a lot of ports as a beginner. It's very common for software and web apps to have security vulnerabilities, and unless you are really on top of it, you could get hit. Not only does that put all your internal devices at risk, not just the one that was original breached, it also will likely become part of a botnet, so your local devices will be used to attack other people. I'd recommend getting confident with your ability to maintain your services and hardening your environment first.
possiblylinux127@lemmy.zip 1 day ago
What do you mean by blocked at a protocol level? You might give it a try on a random port to see what happens.
Allero@lemmy.today 2 days ago
Update: tried Caddy, love it, dead simple, super fast, and absolutely works!
possiblylinux127@lemmy.zip 1 day ago
Did you also forward UDP port 443?
If not I would as well since it is used for QUIC which is supported and automatically turned on for Caddy.
Allero@lemmy.today 1 day ago
Yep