Homelab x security

I'm thinking about making a homelab. I'm wonder what's the best / most secure practices. I'm not in tech as a field, but I know enough that I should be careful.

If I only have a homelab available to the fellow residents of the Half_Elf_Monastery, then I don't need to open up ports on routers. I just point my/their phones to servicename.homelab.local, and then it only really works when they're at home. But what if I want it to work when we're out and about on Rumspringa or whatever is a half-elf-monastic-themed version thereof? Is it a good idea to open up ports through a home router to make homelab services available?

I wouldn't mind getting a domain and running the service for relatives, but I want to do it with some reasonable modicum of safety. What's a good idea here? How have you done this, if you have? Is your homelab for your immediate self/family/etc, or for others who don't have reliable access to your wifi?

I remember that @rqm had a unique way to do this involving a reverse proxy, but that might just have been for his gemlog capsule, and I can't find the post where he explained it.

Thanks for reading this, and for any thoughts you might have. You'd be surprised at how what comes easily to you might be a benefit to othrs who haven't climbed that far up the mountain yet.

Posted in: s/homelab

๐ŸŒฒ Half_Elf_Monk

2025-11-23 ยท 5 months ago

5 Comments โ†“

๐Ÿš€ SavaRocks ยท Nov 23 at 05:58:

you'll need a VPN. you can install wireguard easy with docker (makes it much easier) and open only the ports wireguard needs. when family connects to the VPN it will be like they are connected to the lan, no more port forwading needed

๐Ÿ’Ž Vindemiatrix ยท Nov 23 at 17:04:

Pretty sure you can configure tailscale to only allow specific LAN traffic, much easier than a conventional VPN

๐Ÿ„ sam ยท Nov 29 at 15:03:

I've also heard good things about Tailscale. I've solved this with a VPN (wireguard) for my personal use.

๐Ÿš€ devoid ยท Nov 30 at 17:50:

I set up everything the "old-fashioned way" (in this case I'd use a vpn). Are you looking for a turnkey solution or would you like to (learn how to) diy?

๐Ÿš€ stack ยท Nov 30 at 18:20:

wireguard is a pretty good solution to many problems of creating geographically wide private networks or connecting a home network to a remote machine that acts as an Internet gateway.