Nerdy #Homelab owners, what is your preferred #DynamicDNS solution and why? #SelfHosted #SelfHostedSoftware
=> More informations about this toot | More toots from unsafelyhotboots@catodon.social
@unsafelyhotboots
It’s not elegant, but I use bash scripts with my DNS provider. It’s usually just one curl command, but I prefer it to a black box solution or external dependencies. I’ve used simple scripts with Cloudflare, Route53, and DO.
But I try to avoid using my dynamic IP wherever I can and use a wireguard tunnel from a tiny external VPS with a static ip.
=> More informations about this toot | More toots from amd@gts.amd.im
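The "one curl command" approach from the toot above, written out as an added example (not amd's script and not part of the thread). It assumes Cloudflare as the provider; the environment variable names, the cache path and the use of api.ipify.org for the address lookup are assumptions.

```bash
#!/bin/sh
# Added example: dynamic DNS updater for one Cloudflare A record.
# Assumed names: CF_API_TOKEN, CF_ZONE_ID, CF_RECORD_ID, DDNS_NAME, DDNS_CACHE.
CACHE_FILE="${DDNS_CACHE:-/var/tmp/ddns-last-ip}"

# Accept only a dotted-quad IPv4 address with every octet in 0..255, so an
# error page or any other unexpected lookup reply never reaches the DNS API.
valid_ipv4() {
  case "$1" in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# Succeed only when the address differs from the last one pushed.
needs_update() {
  [ -f "$CACHE_FILE" ] || return 0
  [ "$(cat "$CACHE_FILE")" != "$1" ]
}

# JSON body for the update: $1 is the record name, $2 the validated address.
build_payload() {
  printf '{"type":"A","name":"%s","content":"%s","ttl":300,"proxied":false}' "$1" "$2"
}

update_record() {
  ip="$(curl -fsS --max-time 10 https://api.ipify.org)" || return 1
  valid_ipv4 "$ip" || { echo "refusing unexpected IP lookup reply" >&2; return 1; }
  needs_update "$ip" || return 0
  curl -fsS --max-time 10 -X PUT \
    "https://api.cloudflare.com/client/v4/zones/${CF_ZONE_ID}/dns_records/${CF_RECORD_ID}" \
    -H "Authorization: Bearer ${CF_API_TOKEN}" \
    -H "Content-Type: application/json" \
    --data "$(build_payload "$DDNS_NAME" "$ip")" >/dev/null || return 1
  # Record the pushed address in a file only this user can read.
  ( umask 077; printf '%s' "$ip" > "$CACHE_FILE" )
}

# Touch the network only when asked, e.g. from cron: ddns.sh --run
if [ "${1:-}" = "--run" ]; then update_record; fi
```

An API token scoped to DNS edits on the single zone keeps the script's credential from being useful for anything else.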
@amd this makes sense security-wise. How beefy of a VPC do you have for that?
=> More informations about this toot | More toots from unsafelyhotboots@catodon.social
@unsafelyhotboots it’s the cheapest $2 VPS I could find.
It needs zero resources. I don’t even terminate SSL there; it’s just a TCP/UDP proxy.
=> More informations about this toot | More toots from amd@gts.amd.im
@amd Hot diggity good to know. Got a link for a writeup/video setup of something similar to your setup?
=> More informations about this toot | More toots from unsafelyhotboots@catodon.social
@unsafelyhotboots I don’t, unfortunately. They’re probably out there but I can’t vouch for them.
Let’s use up some of the massive character count on my instance. This won’t be a complete tutorial but it should get you to where you can google around.
Shorten your DNS TTL to 5 minutes well ahead of this process.
Get ye old cheap VPS. I have had them a bunch of places. They all work, just make sure it has enough bandwidth for what you need.
I’m going to assume you’re just forwarding HTTP(S) for the sake of this post and that you’ll be ok with using Tailscale so I can hand-wave away how to set up wireguard.
You probably have some sort of ingress host in your home lab that’s routing requests from the internet to your services. Stop forwarding the ports from outside to the ingress host but leave it listening. Install Tailscale and note the hostname it’s given.
Install Tailscale on the VPS. Install nginx on the VPS. Then set up nginx to stream proxy tcp to the correct Tailscale hostname. It will look something like this and you’ll have to stop any default http listeners on these ports:
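```nginx
# Replace $ingress_hostname$ with the Tailscale hostname noted earlier.
stream {
    # Plain HTTP, passed through to the home lab ingress as raw TCP
    server {
        listen 80;
        proxy_pass $ingress_hostname$:80;
    }
    # HTTPS, also raw TCP; TLS is not terminated on the VPS
    server {
        listen 443;
        proxy_pass $ingress_hostname$:443;
    }
    # …snip…
}
```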
Change DNS on whatever domains you’re sending to the VPS now. Re-increase your TTL to the usual number.
Now you have everything routed to the VPS who will dutifully send it into your homelab through an encrypted tunnel and dynamic dns is a thing of the past.
=> More informations about this toot | More toots from amd@gts.amd.im