I’m pretty new to selfhosting and homelabs, and I would appreciate a simple-worded explanation here. Details are always welcome!

So, I have a home network with a dynamic external IP address. I already have my Synology NAS exposed to the Internet with DDNS - this was done using the interface, so didn’t require much technical knowledge.

Now, I would like to add another server (currently testing with Raspberry Pi) in the same LAN that would also be externally reachable, either through a subdomain (preferable), or through specific ports. How do I go about it?

P.S. Apparently, what I’ve tried on the router does work, it’s just that my NAS was sitting in the DMZ. Now it works!

  • towerful@programming.devEnglish
    1·
    12 days ago

    Who is externally reaching these servers?
    Joe public? Or just you and people you trust?

    If it’s Joe public, I wouldn’t have the entry point on my home network (I might VPS tunnel, or just VPS host it).

    If it’s just me and people I trust, I would use VPN for access, as opposed to exposing all these services publicly

    • Justin@lemmy.jlh.nameEnglish
      1·
      12 days ago

      Your stuff is more likely to get scanned sitting in a VPS with no firewall than behind a firewall on a home network

    • Allero@lemmy.todayOPEnglish
      1·
      12 days ago

      Just me and the people I trust, but there are certain inconveniences around using VPN for access.

      First, I live in the jurisdiction that is heavily restrictive, so VPN is commonly in use to bypass censorship

      Second, I sometimes access my data from computers I trust but can’t install VPN clients on

      Third, I share my NAS resources with my family, and getting my mom to use a VPN every time she syncs her photos is near impossible

      So, fully recognizing the risks, I feel like I have to expose a lot of my services.

      • somewa@suppo.fiEnglish
        21·
        12 days ago

        Remember that with services facing public internet it’s not about if you get hacked but when you get hacked. It’s personal photos on someone elses hands then.

        • thermal_shock@lemmy.worldEnglish
          1·
          12 days ago

          Not sure why you’re downvote, you’re absolutely right. People scan for open ports all day long and will eventually find your shit and try to break in. In my work environment, I see thousands of login attempts daily on brand new accounts, just because something discovered they exist and want to check it out.