Ancestors

Written by Unsafelyhotboots on 2024-12-14 at 17:42

Nerdy #Homelab owners, what is your preferred #DynamicDNS solution and why? #SelfHosted #SelfHostedSoftware


Written by amd on 2024-12-14 at 19:39

@unsafelyhotboots

It’s not elegant, but I use bash scripts with my DNS provider. It’s usually just one curl command, but I prefer it to black box solutions or external dependencies. I’ve used simple scripts with Cloudflare, Route 53, and DO.

But I try to avoid using my dynamic IP wherever I can and use a WireGuard tunnel from a tiny external VPS with a static IP.


Written by Unsafelyhotboots on 2024-12-14 at 19:59

@amd this makes sense security-wise. How beefy of a VPC do you have for that?


Toot

Written by amd on 2024-12-14 at 20:13

@unsafelyhotboots it’s the cheapest $2 VPS I could find.

It needs zero resources. I don’t even terminate SSL there; it’s just a TCP/UDP proxy.


Descendants

Written by Unsafelyhotboots on 2024-12-14 at 23:12

@amd Hot diggity good to know. Got a link for a writeup/video setup of something similar to your setup?


Written by amd on 2024-12-14 at 23:29

@unsafelyhotboots I don’t, unfortunately. They’re probably out there but I can’t vouch for them.

Let’s use up some of the massive character count on my instance. This won’t be a complete tutorial but it should get you to where you can google around.

Shorten your DNS TTL to 5 minutes well ahead of this process.

Get ye old cheap VPS. I have had them in a bunch of places. They all work, just make sure it has enough bandwidth for what you need.

I’m going to assume you’re just forwarding HTTP(S) for the sake of this post and that you’ll be OK with using Tailscale so I can hand-wave away how to set up WireGuard.

You probably have some sort of ingress host in your home lab that’s routing requests from the internet to your services. Stop forwarding the ports from outside to the ingress host but leave it listening. Install Tailscale and note the hostname it’s given.

Install Tailscale on the VPS. Install nginx on the VPS. Then set up nginx to stream proxy TCP to the correct Tailscale hostname. It will look something like this, and you’ll have to stop any default HTTP listeners on these ports:

stream {
    server {
        listen 80;
        # $ingress_hostname$ is a placeholder for the ingress host's Tailscale hostname
        proxy_pass $ingress_hostname$:80;
    }
    server {
        listen 443;
        proxy_pass $ingress_hostname$:443;
    }

…snip…

Change DNS on whatever domains you’re sending to the VPS now. Re-increase your TTL to the usual number.

Now you have everything routed to the VPS, which will dutifully send it into your homelab through an encrypted tunnel, and dynamic DNS is a thing of the past.

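A post-cutover check for the procedure described in the post above, as an added example that is not part of the original thread: it confirms that DNS answers only with the VPS address, that the VPS accepts 80/443, and that the home WAN address no longer does. The function names and the arguments (domain, VPS IP, home WAN IP) are hypothetical; run it from a host outside the home network, since connections from inside may hairpin through the router and give a misleading result.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Usage (constructed values):
#   ./verify_cutover.sh example.com 203.0.113.10 198.51.100.7

# port_open HOST PORT -> 0 if a TCP connection succeeds within 3 seconds.
port_open() {
  timeout 3 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# records_ok EXPECTED_IP < resolver output, one answer per line.
# Succeeds only if at least one address is returned and every address
# equals EXPECTED_IP (a leftover record for the home IP fails the check).
records_ok() {
  local expected=$1 seen=0 ip
  while read -r ip; do
    [ -z "$ip" ] && continue
    case "$ip" in *.) continue ;; esac   # skip CNAME targets printed by dig
    seen=1
    [ "$ip" = "$expected" ] || return 1
  done
  [ "$seen" -eq 1 ]
}

# verify_cutover DOMAIN VPS_IP HOME_WAN_IP -> 0 only if every check passes.
verify_cutover() {
  local domain=$1 vps_ip=$2 home_ip=$3 rc=0 port
  if ! dig +short "$domain" A | records_ok "$vps_ip"; then
    echo "FAIL: $domain does not resolve solely to $vps_ip"; rc=1
  fi
  for port in 80 443; do
    if ! port_open "$vps_ip" "$port"; then
      echo "FAIL: VPS $vps_ip is not accepting TCP/$port"; rc=1
    fi
    if port_open "$home_ip" "$port"; then
      echo "FAIL: home WAN $home_ip still accepts TCP/$port (port forward left in place?)"; rc=1
    fi
  done
  [ "$rc" -eq 0 ] && echo "OK: traffic for $domain reaches the homelab only via the VPS"
  return "$rc"
}

if [ "$#" -eq 3 ]; then
  verify_cutover "$@"
fi
```

Wait for the old TTL to expire before treating a DNS failure as real, because resolvers may still be serving the previous record.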
