How to Homelab: Considerations for adding a Domain to your Gear

Published 28 Dec 2024

COMMENTS • 52

  • @nkmicros540 3 years ago +32

    You are one of those rare youtubers when you should give thumbs up even before the video starts. =-)

    • @gorillaau 1 year ago

      Yes, volume is good. Presentation assumes little but doesn't over explain as a deep dive into the side subject, as this is not a "deep subject" tutorial.

  • @minibit0103 3 years ago +7

    I’m in a masters degree for “CyberSecurity”. I have learned more from your tutorials about security best practices and hardware/software information. I’m currently following your low power build guide to build out my first home lab. I had trepidation on going beyond just using my current PC and VMware desktop, to purchasing dedicated hardware for servers but I have decided to take the leap. Thank you for the amazing content, it keeps me motivated to learn and expand my knowledge bank.

  • @samo9288 3 years ago +3

    Question about your port forward rules at 27:00. Why is the Dest. Address "proxy_external_ip" instead of WAN address like the others?

    • @kingrpriddick 1 year ago

      Probably more than one public IP so personal vs lab or personal vs business. A business line from an ISP often comes with 3 or 5 or more public IPs.

  • @sdad1969 3 years ago +2

    loved it. Explained it so simply that a simple Joe like me could understand it in the first go! Great job.

  • @MrMcp76 3 years ago +1

    Fantastic. Great info and stated clearly. It's hard to find content like this which provides a deep enough dive without going too deep into the weeds and getting sidetracked.

  • 3 years ago +5

    This is me being "the internet" to tell you you're wrong. But not in a mean way. I think you do great work and appreciate much of your content, like your Ansible series. However, I believe it is worth clarifying your description of a typical residential network topology. In my experience, there is no DNS server in the "router" device in most residential networks. Instead, there is both a DHCP server and client. The client listens on the "WAN" side and is assigned an IP address and one or more DNS server addresses. Those DNS servers are typically operated by the Internet Service Provider. The residential gateway device (a.k.a. "router") merely "parrots" the DNS server addresses it was assigned by the ISP to the in-home devices when assigning them network configurations in response to DHCP requests from devices connecting to the LAN ports or via WLAN (home WiFi). So there is no DNS running on the "router" as you show in your diagram. DNS requests from in-home devices merely pass through the residential gateway / "router" like any other IP traffic. Maybe things are different with your provider? PfSense does run a DNS resolver, and that is why you can so easily create a FQDN for your internal LAN clients. Most of your residential viewers, however, likely would have to stand up their own DNS server and then modify their gateway device (router) configuration to serve that internal IP address as the Primary DNS Server address in its DHCP responses. Better, if they are going to stand up DNS inside their home LAN, they should probably also make that a DHCP server as well because (like with PfSense), it can be integrated with the DNS server to auto-generate DNS entries for local devices inside the home. Of course, it would be important for the DHCP server on the "router" device to be disabled so that the two won't conflict. Fun, fun stuff!

  • @camerontgore 3 years ago +5

    @LearnLinuxTV Please do a follow-up video on building our own DNS server!

  • @ArturBrandys 3 years ago

    I have just added my private domain to my router (Asus RT-N12+) settings and now I can ping my laptops using fully qualified domain names. Thanks :)

  • @Tom_Azin 3 years ago

    Jay you nailed it! This is by far the best and simplest explanation that I could find. Thank you!

  • @innesleroux9439 2 years ago

    Thank you so much for this! All I needed was how to specify the key location. Could not figure it out. Your video made this clear.

  • @Felix-ve9hs 3 years ago +3

    This is exactly what I have been searching for, thanks a lot :^)

  • @jotdot 3 years ago +1

    Do you have a video that talks about HTTPS forwarding with a proxy? Like, do you leave it off on the actual server and only have the proxy server handle the HTTPS certs?

  • @valterschmaltz 3 years ago +4

    I use pihole for local hosts. I also have my own domain name, I use cloudflare to manage it for free, it also has a docker ddns app that keeps checking for IP change. I also use nginx Proxy manager to access all my apps with HTTPS

    • @ryanbell85 3 years ago

      Can you use Nginx Proxy manager for both Docker and non-Docker related applications? I've been using Traefik in my Docker server recently but I'd like to expose my other applications outside of Docker as well but I don't think I can do that with Traefik.

    • @valterschmaltz 3 years ago

      @ryanbell85 yes you definitely can, it can be used as proxy for any app running on any host.

  • @Thomas_Grusz 1 year ago

    Great video, thanks Jay!

  • @voiceoftreason1760 3 years ago +2

    Can you maybe do another more in depth tutorial on how to set up virt-manager with bridged networking using the gnome tools? I wanted to switch from Virtualbox to kvm with virt-manager which I did successfully, but I haven't been able to set it up so I can connect to VMs over the network with a vnc connection, or for example reach a website running on a VM. I am using Arch Linux with gnome and systemd networking, and want to have a VM on the same local IP space as my LAN hosts, so 192.168.1.{1..100}. (above 100 is dhcp). Maybe this can't be configured only with GUI tools (nm-connection-editor), but also needs some configuration file editing. It is definitely not as easy as Virtualbox unfortunately.

  • @nationalibus9896 3 years ago

    Hello Jay.
    Thanks for the video. Good job.
    Do you mind sharing which pfsense appliance you use/recommend for home users?
    -
    Alex

  • @MarkParkTech 3 years ago +1

    I personally use a domain controller on my Linux network, but I've operated for years without one - The main reason I use one now is automatic DNS population for systems on my network, without having to worry about systems with dynamic IPs and whatnot. I can of course just set everything up static and do it manually and I do know how to do this, but I find that having a DC just makes my life easier in this regard. I do use samba 4 as my domain controller. Do you have or know of any example of Linux/BSD specific alternatives that can achieve similar results? I'd be interested in knowing what is out there.

    • @DrDingus 1 year ago

      Can't pfsense do automatic DNS population? Or is that something different?

  • @TiagoJoaoSilva 3 years ago

    Samba, if you compile it from source, can host an Active Directory database, simulate a Domain Controller and can be managed with Windows tools (RSAT). I can't quite recall if there's a samba-ad-dc package available in Ubuntu. But you still have to do more work to integrate isc-dhcp and bind9 with Samba to get something that behaves like a Windows DC. SambaWiki has everything you need. If you don't need user and device management, the stuff in pfSense is enough to have a DNS domain name accepted externally and reverse proxies to internal servers. Just take care to secure all that stuff, it's the Wild West out there.

  • @cglegg 3 years ago

    Amazing! Thank you.

  • @piotrpytkowski1542 1 year ago

    Hi Jay, consider a video about bind9 configuration - the subject is hard!

  • @samuelgodfreyhendrix 3 years ago

    In my experience, most residential IP addresses are effectively static with them only changing if you make the ISP’s internal DHCP server think it is talking to a different device (change in MAC address, hostname, etc on your router).

    • @MrMcp76 3 years ago +1

      It can also change if you disconnect your modem for maybe 5 minutes or longer. Depends on the ISP and how long they hold a lease for you before releasing it. When your ISP tells you they are going to reset your connection during troubleshooting steps they are probably performing a release/renew of that address.

  • @Kenny_Ded 3 years ago +1

    Where did the second Raspberry Pi "stack" in your rack go?

    • @brandongraham3509 3 years ago

      Preparation for Shenanigans probably.
      Either that or pulled about for the 11 pi cluster Jay's mentioned.

  • @propnut7085 3 years ago

    fantastic video..

  • @Hybrid.Robotics 3 years ago +1

    A better way to configure this would be to have your local domain be something like mydomain.aaa and then have your computers be a.mydomain.aaa, b.mydomain.aaa, c.mydomain.aaa, etc. You *should* be able to set the local domain in your router to mydomain.aaa. Then, any requests for *.mydomain.aaa would be routed to your local router. If you have a hosts file configured on one of your local computers, it would have the mapping of names to IP addresses and your router could send all requests for mydomain.aaa to that local computer which could forward to the requested computer on your local network. I do not think this would be too difficult for most people to set up. It is possible that you *may* even be able to set the equivalent to a hosts file in your router.

  • @apoorv9492 3 years ago +2

    Can you talk about OpenWRT?

  • @Charlie8913 3 years ago

    What I totally missed was talking about certificates for HTTPS. They are the only reason why I switched from the fake ".lan" domain to a domain I bought, so I can have https on all my internal services via let's encrypt (wildcard-certificate via dns challenge so my internal hostnames can't be looked up by anybody). With the .lan domain I manually created certificates with my own certificate authority (via the TrueNAS webinterface), but this own CA certificate needed to be installed on all devices, made issues on some Android apps and needed to be built into some docker containers so it was much more complicated to set up.
    I wish I was much older so I could have got a chance to get one of the really short domain names, something short like i.e. "k.de", there's no chance to get one of them nowadays and that's the only downside of using a real domain...

  • @omnipitentevanescen 1 year ago

    If I understood the concepts correctly, I can actually set my domain in my home-network to whatever I want, at risk of it denying me a real website with the same name, and as long as I don't have any of my services port forwarding to the public internet, I won't interrupt anyone else's access to a website and bring them to a machine in my home-lab. If I wanted to access my home-lab from the outside, I could use a proxy and/or a VPN. Just because I want to set up and learn through doing, but I don't want to pay for a domain yearly, and as long as it isn't accessible outside my home network I should be fine?

  • @NFvidoJagg2 3 years ago

    technically wouldn't the pfsense router be the domain controller since it's dictating the domain? granted it's not doing LDAP functionality but that would be outside of this tutorial.

    • @GeoffSeeley 3 years ago +2

      No. In Windows terms, a domain controller is used to sync Active Directory which is just LDAP with some Windows specific features. AD is usually a source of authentication and authorization (Users and Groups). It doesn't have to have DNS services, but it's usually recommended to have DNS on your DC as well. This video focuses strictly on the DNS component.

  • @Steamrick 3 years ago

    Okay, I have one question left: Why would I bother to add a domain to my home network? What's the advantage of having a domain if you don't have a domain controller to do any controlling with?

    • @JordanKetterer 2 years ago

      You can more easily navigate around your home network with FQDN and hostnames then; this is great for many things including SSH and any other service.

  • @jimmithfarrel8986 2 years ago

    You didn't explain how to point your domain registrar to know your DNS server as authoritative to resolve the IPs for those web servers.

  • @ShawnLivesInItaly 3 years ago

    Thanks

  • @kjakobsen 3 years ago +2

    In a purely Linux environment, a domain controller wouldn't be necessary. But you could still use an LDAP server instead. OpenLDAP, FreeIPA etc. Actually cool technology to set up. :)

    • @JordanKetterer 2 years ago

      I would love to see this for home use, with roaming home files that sync and allow more users and shared privileges and control over clients..... I've been using cockpit for admin and could learn ansible to get similar but have not got quite that far yet

  • @helvettefaensatan 1 year ago

    What is stopping a nefarious café WiFi owner from spoofing DNS?

  • @voiceoftreason1760 2 years ago

    What did you make the diagrams with here? I thought maybe draw.io but I didn't find these nice computer and wireless router icons in there

  • @noweare1 1 year ago

    From my desktop, in order to reach my server using its external address I had to use the fully qualified domain name. If I use ping using only the host name, the IP address of the server was its internal IP address. What's funny is the time was faster using the FQDN.

  • @arcticjoe1142 3 years ago

    Jay I love your videos, man. But jeez, way too many commercials.

  • @Charlie8913 3 years ago

    Instead of "local.lan" one could just use "lan", used that for many years.
    Don't pay for a dynamic DNS service, there are free ones like duckdns and freedns. Or maybe you bought a domain, the domain registrar might offer a dynamic DNS service for free to their customers (mine does).

  • @rashie 3 years ago

    👍👍

  • @gdvissch 3 years ago

    Isn’t what you call the proxy server actually a reverse proxy server? Maybe too detailed for the audience you had in mind but then again, if you start forwarding ports from the Internet, you’d better know what you are doing.

  • @chillnacho 9 months ago

    What happened to this series?

  • @GrishTech 3 years ago +2

    Never use .local
    I never understood why I come across Windows domain environments with .local being used. At least make it a subdomain of your company.

  • @eleander 1 year ago

    I'm 5 minutes into the video and somehow this guy is still babbling on about some simplification of what dns is. Mateeee