ed25519 verify key: 6614c7acfe8e7419bbc26709d7f0fdcc55d8258f205a95173ce37e42e1715462

  • 0 Posts
  • 11 Comments
Joined 2 years ago
cake
Cake day: June 23rd, 2023

help-circle








  • It’s probably a bit dangerous to expose your internal network in this way. If you really want a server running at home, there are interesting services which provide that for a fee, or you could set up a “reverse ssh proxy”.

    It’s easier to do on some flavor of Linux, but you will set up a background service to ssh to a cloud server you rent, which links a local port on the cloud server to a local port on your home computer. You can then run a web service like caddy server on the cloud server to securely serve this port.

    I realize this sounds rather complex, but something to look into and learn.

    Your Caddyfile on the cloud server will look something like this:

    my_subdomain.my_domain.com {
        reverse_proxy / {
            to 127.0.0.1:8081
        }
        encode gzip
    }
    

    And the service on your local will look something like this:

    [Unit]
    Description=Keeps a reverse tunnel to '<your cloud server ip>' open on port 8081 on the remote server
    After=network-online.target
    
    [Service]
    Environment="AUTOSSH_GATETIME=0"
    ExecStart=/usr/bin/autossh -N -M 10986 -o "PubKeyAuthentication=yes" -o "PasswordAuthentication=no" -o "ExitOnForwardFailure=yes" -R 8081:127.0.0.1:8080 root@<your cloud server ip> -i <path to your ssh key> -p 2097
    
    ExecStop=/bin/kill $MAINPID
    Restart=always
    RestartSec=5
    
    [Install]
    WantedBy=multi-user.target
    

    You will have to allow ssh on a non standard port (arbitrarily 2097 here), that way you can still use ssh on the standard port 22. I have some services running like this through a NAT for years.