What ever you want? I would start by creating a virtual environment out of the gate if you have some hardware. Find yourself a minipc and then install Proxmox. From there you can create a single VM to play with. I would start by installing Nextcloud AIO in a Debian VM once you have an environment to play in.
(Side note: Make sure to follow good practices. Feel free to ask if you want more information)
(Side note: Make sure to follow good practices. Feel free to ask if you want more information)
Not OP, but I’d like some more information about following good practices, please, especially in terms of “the best way” to make services available outside my lan (forwarding ports vs. a reverse proxy vs. a tunnel vs. a vpn – assuming some of those terms aren’t the same thing and I’m too much of a noob to realize).
You really should not directly expose services to the public internet. That opens up high levels of risk and anything you do expose needs to be monitored and isolated from everything else.
I would start by creating a separate subnet for your homelab. You should setup firewall rules to disallow traffic to pass between them. For exposing services to your internal lan you should set up basic port forwards.
For remote access you should setup a VPN. Wireguard is going to have the best performance and you can either host it at home or use a mesh VPN solution like netbird or Tailscale.
If you must expose something to the internet be very careful. You should follow least privilege always and restrict access to everything the exposed service doesn’t need. Lastly you should assume that you system will be compromised so make sure you have backups.
For me I don’t have a static IP so I created a VPS in Linode and then setup Wireguard with a reverse proxy to route traffic into my homelab. This approach is better than exposing your home IP in my option as it moves your Internet activity and hosted services to different IPs. Its not totally unheard of to have a shady website scan your IP for open services that can be exploited.
Another though: you also could set up a honeypot to see attacks in real time. There are tools to do this and it would show you what your up against.
What ever you want? I would start by creating a virtual environment out of the gate if you have some hardware. Find yourself a minipc and then install Proxmox. From there you can create a single VM to play with. I would start by installing Nextcloud AIO in a Debian VM once you have an environment to play in.
(Side note: Make sure to follow good practices. Feel free to ask if you want more information)
Not OP, but I’d like some more information about following good practices, please, especially in terms of “the best way” to make services available outside my lan (forwarding ports vs. a reverse proxy vs. a tunnel vs. a vpn – assuming some of those terms aren’t the same thing and I’m too much of a noob to realize).
You really should not directly expose services to the public internet. That opens up high levels of risk and anything you do expose needs to be monitored and isolated from everything else.
I would start by creating a separate subnet for your homelab. You should setup firewall rules to disallow traffic to pass between them. For exposing services to your internal lan you should set up basic port forwards.
For remote access you should setup a VPN. Wireguard is going to have the best performance and you can either host it at home or use a mesh VPN solution like netbird or Tailscale.
If you must expose something to the internet be very careful. You should follow least privilege always and restrict access to everything the exposed service doesn’t need. Lastly you should assume that you system will be compromised so make sure you have backups.
For me I don’t have a static IP so I created a VPS in Linode and then setup Wireguard with a reverse proxy to route traffic into my homelab. This approach is better than exposing your home IP in my option as it moves your Internet activity and hosted services to different IPs. Its not totally unheard of to have a shady website scan your IP for open services that can be exploited.
Another though: you also could set up a honeypot to see attacks in real time. There are tools to do this and it would show you what your up against.
I would start with a tailscale network.
Maybe take a look at this: https://tailscale.com/blog/docker-tailscale-guide