I’m in a master's degree for “CyberSecurity”. I have learned more from your tutorials about security best practices and hardware/software information. I’m currently following your low power build guide to build out my first home lab. I had trepidation on going beyond just using my current PC and VMware desktop, to purchasing dedicated hardware for servers but I have decided to take the leap. Thank you for the amazing content, it keeps me motivated to learn and expand my knowledge bank.
@nkmicros540 3 years ago
You are one of those rare youtubers when you should give thumbs up even before the video starts. =-)
@gorillaau 1 year ago
Yes, volume is good. Presentation assumes little but doesn't over explain as a deep dive into the side subject, as this is not a "deep subject" tutorial.
@MrMcp76 3 years ago
Fantastic. Great info and stated clearly. It's hard to find content like this which provides a deep enough dive without going too deep into the weeds and getting sidetracked.
@sdad1969 3 years ago
Loved it. Explained it so simply that a simple Joe like me could understand it in the first go! Great job.
@Tom_Azin 3 years ago
Jay you nailed it! This is by far the best and simplest explanation that I could find. Thank you!
@samo9288 3 years ago
Question about your port forward rules at 27:00. Why is the Dest. Address "proxy_external_ip" instead of WAN address like the others?
@kingrpriddick 1 year ago
Probably more than one public IP so personal vs lab or personal vs business. A business line from an ISP often comes with 3 or 5 or more public IPs.
@innesleroux9439 2 years ago
Thank you so much for this! All I needed was how to specify the key location. Could not figure it out. Your video made this clear.
@ArturBrandys 3 years ago
I have just added my private domain to my router (Asus RT-N12+) settings and now I can ping my laptops using fully qualified domain names. Thanks :)
@Felix-ve9hs 3 years ago
This is exactly what I have been searching for, thanks a lot :^)
@camerontgore 3 years ago
@LearnLinuxTV Please do a follow-up video on building our own DNS server!
3 years ago
This is me being "the internet" to tell you you're wrong. But not in a mean way. I think you do great work and appreciate much of your content, like your Ansible series. However, I believe it is worth clarifying your description of a typical residential network topology. In my experience, there is no DNS server in the "router" device in most residential networks. Instead, there is both a DHCP server and client. The client listens on the "WAN" side and is assigned an IP address and one or more DNS server addresses. Those DNS servers are typically operated by the Internet Service Provider. The residential gateway device (a.k.a. "router") merely "parrots" the DNS server addresses it was assigned by the ISP to the in-home devices when assigning them network configurations in response to DHCP requests from devices connecting to the LAN ports or via WLAN (home WiFi). So there is no DNS running on the "router" as you show in your diagram. DNS requests from in-home devices merely pass through the residential gateway / "router" like any other IP traffic. Maybe things are different with your provider? pfSense does run a DNS resolver, and that is why you can so easily create a FQDN for your internal LAN clients. Most of your residential viewers, however, likely would have to stand up their own DNS server and then modify their gateway device (router) configuration to serve that internal IP address as the Primary DNS Server address in its DHCP responses. Better, if they are going to stand up DNS inside their home LAN, they should probably also make that a DHCP server as well because (like with pfSense), it can be integrated with the DNS server to auto-generate DNS entries for local devices inside the home. Of course, it would be important for the DHCP server on the "router" device to be disabled so that the two won't conflict. Fun, fun stuff!
@jotdot 3 years ago
Do you have a video that talks about HTTPS forwarding with a proxy? Like, do you leave it off on the actual server and only have the proxy server handle the HTTPS certs?
@valterschmaltz 3 years ago
I use Pi-hole for local hosts. I also have my own domain name, I use Cloudflare to manage it for free, it also has a Docker DDNS app that keeps checking for IP change. I also use Nginx Proxy Manager to access all my apps with HTTPS.
@ryanbell85 3 years ago
Can you use Nginx Proxy manager for both Docker and non-Docker related applications? I've been using Traefik in my Docker server recently but I'd like to expose my other applications outside of Docker as well but I don't think I can do that with Traefik.
@valterschmaltz 3 years ago
@ryanbell85 Yes, you definitely can, it can be used as a proxy for any app running on any host.
@Thomas_Grusz 1 year ago
Great video, thanks Jay!
@voiceoftreason1760 3 years ago
Can you maybe do another more in depth tutorial on how to set up virt-manager with bridged networking using the gnome tools? I wanted to switch from VirtualBox to kvm with virt-manager which I did successfully, but I haven't been able to set it up so I can connect to VMs over the network with a vnc connection, or for example reach a website running on a VM. I am using Arch Linux with gnome and systemd networking, and want to have a VM on the same local IP space as my LAN hosts, so 192.168.1.{1..100}. (above 100 is dhcp). Maybe this can't be configured only with GUI tools (nm-connection-editor), but also needs some configuration file editing. It is definitely not as easy as VirtualBox unfortunately.
@nationalibus9896 3 years ago
Hello Jay. Thanks for the video. Good job. Do you mind sharing which pfSense appliance you use/recommend for home users? - Alex
@MarkParkTech 3 years ago
I personally use a domain controller on my Linux network, but I've operated for years without one - The main reason I use one now is automatic DNS population for systems on my network, without having to worry about systems with dynamic IPs and what not. I can of course just set everything up static and do it manually and I do know how to do this, but I find that having a DC just makes my life easier in this regard. I do use samba 4 as my domain controller. Do you have or know of any example of Linux/BSD specific alternatives that can achieve similar results? I'd be interested in knowing what is out there.
@DrDingus 1 year ago
Can't pfsense do automatic DNS population? Or is that something different?
@cglegg 3 years ago
Amazing! Thank you.
@TiagoJoaoSilva 3 years ago
Samba, if you compile it from source, can host an Active Directory database, simulate a Domain Controller and can be managed with Windows tools (RSAT). I can't quite recall if there's a samba-ad-dc package available in Ubuntu. But you still have to do more work to integrate isc-dhcp and bind9 with Samba to get something that behaves like a Windows DC. SambaWiki has everything you need. If you don't need user and device management, the stuff in pfSense is enough to have a DNS domain name accepted externally and reverse proxies to internal servers. Just take care to secure all that stuff, it's the Wild West out there.
@samuelgodfreyhendrix 3 years ago
In my experience, most residential IP addresses are effectively static with them only changing if you make the ISP’s internal DHCP server think it is talking to a different device (change in MAC address, hostname, etc on your router).
@MrMcp76 3 years ago
It can also change if you disconnect your modem for maybe 5 minutes or longer. Depends on the ISP and how long they hold a lease for you before releasing it. When your ISP tells you they are going to reset your connection during troubleshooting steps they are probably performing a release/renew of that address.
@piotrpytkowski1542 1 year ago
Hi Jay, consider video about bind9 configuration - subject is hard!
@Kenny_Ded 3 years ago
Where did the second Raspberry Pi "stack" in your rack go?
@brandongraham3509 3 years ago
Preparation for Shenanigans probably. Either that or pulled about for the 11 pi cluster Jay's mentioned.
@omnipitentevanescen 1 year ago
If I understood the concepts correctly, I can actually set my domain in my home-network to whatever I want, at risk of it denying me a real website with the same name, and as long as I don't have any of my services port forwarding to the public internet, I won't interrupt anyone else's access to a website and bring them to a machine in my home-lab. If I wanted to access my home-lab from the outside, I could use a proxy and/or a VPN. Just because I want to set up and learn through doing, but I don't want to pay for a domain yearly, and as long as it isn't accessible outside my home network I should be fine?
@propnut7085 3 years ago
fantastic video..
@NFvidoJagg2 3 years ago
Technically wouldn't the pfSense router be the domain controller since it's dictating the domain? Granted it's not doing LDAP functionality but that would be outside of this tutorial.
@GeoffSeeley 3 years ago
No. In Windows terms, a domain controller is used to sync Active Directory which is just LDAP with some Windows specific features. AD is usually a source of authentication and authorization (Users and Groups). It doesn't have to have DNS services, but it's usually recommended to have DNS on your DC as well. This video focuses strictly on the DNS component.
@Charlie8913 3 years ago
What I totally missed was talking about certificates for HTTPS. They are the only reason why I switched from the fake ".lan" domain to a domain I bought, so I can have HTTPS on all my internal services via Let's Encrypt (wildcard-certificate via DNS challenge so my internal hostnames can't be looked up from anybody). With the .lan domain I manually created certificates with my own certificate authority (via the TrueNAS web interface), but this own CA certificate needed to be installed on all devices, made issues on some Android apps and needed to be built into some Docker containers so it was much more complicated to set up. I wish I was much older so I could have got a chance to get one of the really short domain names, something short like i.e. "k.de", there's no chance to get one of them nowadays and that's the only downside of using a real domain...
@jimmithfarrel8986 2 years ago
You didn't explain how to point your domain registrar to know your DNS server as authoritative to resolve the IPs for those web servers.
@Steamrick 3 years ago
Okay, I have one question left: Why would I bother to add a domain to my home network? What's the advantage of having a domain if you don't have a domain controller to do any controlling with?
@JordanKetterer 2 years ago
You can more easily navigate around your home network with FQDNs and hostnames then; this is great for many things including SSH and any other service.
@Hybrid.Robotics 3 years ago
A better way to configure this would be to have your local domain be something like mydomain.aaa and then have your computers be a.mydomain.aaa, b.mydomain.aaa, c.mydomain.aaa, etc. You *should* be able to set the local domain in your router to mydomain.aaa. Then, any requests for *.mydomain.aaa would be routed to your local router. If you have a hosts file configured on one of your local computers, it would have the mapping of names to IP addresses and your router could send all requests for mydomain.aaa to that local computer which could forward to the requested computer on your local network. I do not think this would be too difficult for most people to set up. It is possible that you *may* even be able to set the equivalent to a hosts file in your router.
@helvettefaensatan 1 year ago
What is stopping a nefarious café WiFi owner from spoofing DNS?
@apoorv9492 3 years ago
Can you talk about OpenWRT?
@ShawnLivesInItaly 3 years ago
Thanks
@noweare1 1 year ago
From my desktop, in order to reach my server using its external address, I had to use the fully qualified domain name. If I use ping using only the host name, the IP address of the server was its internal IP address. What's funny is the time was faster using the FQDN.
@kjakobsen 3 years ago
In a purely Linux environment, a domain controller wouldn't be necessary. But you could still use an LDAP server instead. OpenLDAP, FreeIPA etc. Actually cool technology to set up. :)
@JordanKetterer 2 years ago
I would love to see this for home use, with roaming home files that sync and allow more users and shared privileges and control over clients..... I've been using Cockpit for admin and could learn Ansible to get similar but have not gotten quite that far yet.
@Charlie8913 3 years ago
Instead of "local.lan" one could just use "lan", used that for many years. Don't pay for a dynamic DNS service, there are free ones like duckdns and freedns. Or maybe you bought a domain, the domain registrar might offer a dynamic DNS service for free to their customers (mine does).
@arcticjoe1142 3 years ago
Jay I love your videos, man. But jeez, way too many commercials.
@gdvissch 3 years ago
Isn’t what you call the proxy server actually a reverse proxy server? Maybe too detailed for the audience you had in mind but then again, if you start forwarding ports from the Internet, you’d better know what you are doing.
@rashie 3 years ago
👍👍
@chillnacho 9 months ago
What happened to this series?
@GrishTech 3 years ago
Never use .local. I never understood why I come across Windows domain environments with .local being used. At least make it a subdomain of your company.
@voiceoftreason1760 2 years ago
What did you make the diagrams with here? I thought maybe draw.io but I didn't find these nice computer and wireless router icons in there
@eleander 1 year ago
I'm 5 minutes into the video and somehow this guy is still babbling on about some simplification of what DNS is. Mateeee