How to Homelab: Considerations for adding a Domain to your Gear

  Views: 41,016

Learn Linux TV


Comments: 52
@minibit0103 3 years ago
I’m in a master's degree for “CyberSecurity”. I have learned more from your tutorials about security best practices and hardware/software information. I’m currently following your low power build guide to build out my first home lab. I had trepidation on going beyond just using my current PC and VMware desktop, to purchasing dedicated hardware for servers but I have decided to take the leap. Thank you for the amazing content, it keeps me motivated to learn and expand my knowledge bank.
@nkmicros540 3 years ago
You are one of those rare youtubers when you should give thumbs up even before the video starts. =-)
@gorillaau 1 year ago
Yes, volume is good. Presentation assumes little but doesn't over explain as a deep dive into the side subject, as this is not a "deep subject" tutorial.
@MrMcp76 3 years ago
Fantastic. Great info and stated clearly. It's hard to find content like this which provides a deep enough dive without going too deep into the weeds and getting sidetracked.
@sdad1969 3 years ago
Loved it. Explained it so simply that a simple Joe like me could understand it in the first go! Great job.
@Tom_Azin 3 years ago
Jay you nailed it! This is by far the best and simplest explanation that I could find. Thank you!
@samo9288 3 years ago
Question about your port forward rules at 27:00. Why is the Dest. Address "proxy_external_ip" instead of WAN address like the others?
@kingrpriddick 1 year ago
Probably more than one public IP so personal vs lab or personal vs business. A business line from an ISP often comes with 3 or 5 or more public IPs.
@innesleroux9439 2 years ago
Thank you so much for this! All I needed was how to specify the key location. Could not figure it out. Your video made this clear.
@ArturBrandys 3 years ago
I have just added my private domain to my router (Asus RT-N12+) settings and now I can ping my laptops using fully qualified domain names. Thanks :)
@Felix-ve9hs 3 years ago
This is exactly what I have been searching for, thanks a lot :^)
@camerontgore 3 years ago
@LearnLinuxTV Please do a follow-up video on building our own DNS server!
3 years ago
This is me being "the internet" to tell you you're wrong. But not in a mean way. I think you do great work and appreciate much of your content, like your Ansible series. However, I believe it is worth clarifying your description of a typical residential network topology.
In my experience, there is no DNS server in the "router" device in most residential networks. Instead, there is both a DHCP server and client. The client listens on the "WAN" side and is assigned an IP address and one or more DNS server addresses. Those DNS servers are typically operated by the Internet Service Provider. The residential gateway device (a.k.a. "router") merely "parrots" the DNS server addresses it was assigned by the ISP to the in-home devices when assigning them network configurations in response to DHCP requests from devices connecting to the LAN ports or via WLAN (home WiFi). So there is no DNS running on the "router" as you show in your diagram. DNS requests from in-home devices merely pass through the residential gateway / "router" like any other IP traffic. Maybe things are different with your provider?
PfSense does run a DNS resolver, and that is why you can so easily create a FQDN for your internal LAN clients. Most of your residential viewers, however, likely would have to stand up their own DNS server and then modify their gateway device (router) configuration to serve that internal IP address as the Primary DNS Server address in its DHCP responses. Better, if they are going to stand up DNS inside their home LAN, they should probably also make that a DHCP server as well because (like with PfSense), it can be integrated with the DNS server to auto-generate DNS entries for local devices inside the home. Of course, it would be important for the DHCP server on the "router" device to be disabled so that the two won't conflict. Fun, fun stuff!
@jotdot 3 years ago
Do you have a video that talks about HTTPS forwarding with a proxy? Like, do you leave it off on the actual server and only have the proxy server handle the HTTPS certs?
@valterschmaltz 3 years ago
I use pihole for local hosts. I also have my own domain name, I use cloudflare to manage it for free, it also has a docker ddns app that keeps checking for IP change. I also use nginx Proxy manager to access all my apps with HTTPS
@ryanbell85 3 years ago
Can you use Nginx Proxy manager for both Docker and non-Docker related applications? I've been using Traefik in my Docker server recently but I'd like to expose my other applications outside of Docker as well but I don't think I can do that with Traefik.
@valterschmaltz 3 years ago
@ryanbell85 Yes, you definitely can; it can be used as a proxy for any app running on any host.
@Thomas_Grusz 1 year ago
Great video, thanks Jay!
@voiceoftreason1760 3 years ago
Can you maybe do another more in depth tutorial on how to set up virt-manager with bridged networking using the gnome tools? I wanted to switch from Virtualbox to kvm with virt-manager which I did successfully, but I haven't been able to set it up so I can connect to VMs over the network with a vnc connection, or for example reach a website running on a VM. I am using Arch Linux with gnome and systemd networking, and want to have a VM on the same local IP space as my LAN hosts, so 192.168.1.{1..100}. (above 100 is dhcp). Maybe this can't be configured only with GUI tools (nm-connection-editor), but also needs some configuration file editing. It is definitely not as easy as Virtualbox unfortunately.
@nationalibus9896 3 years ago
Hello Jay. Thanks for the video. Good job. Do you mind sharing which pfsense appliance you use/recommend for home users? - Alex
@MarkParkTech 3 years ago
I personally use a domain controller on my Linux network, but I've operated for years without one - The main reason I use one now is automatic DNS population for systems on my network, without having to worry about systems with dynamic IPs and whatnot. I can of course just set everything up static and do it manually and I do know how to do this, but I find that having a DC just makes my life easier in this regard. I do use samba 4 as my domain controller. Do you have or know of any example of Linux/BSD specific alternatives that can achieve similar results? I'd be interested in knowing what is out there.
@DrDingus 1 year ago
Can't pfsense do automatic DNS population? Or is that something different?
@cglegg 3 years ago
Amazing! Thank you.
@TiagoJoaoSilva 3 years ago
Samba, if you compile it from source, can host an Active Directory database, simulate a Domain Controller and can be managed with Windows tools (RSAT). I can't quite recall if there's a samba-ad-dc package available in Ubuntu. But you still have to do more work to integrate isc-dhcp and bind9 with Samba to get something that behaves like a Windows DC. SambaWiki has everything you need. If you don't need user and device management, the stuff in pfSense is enough to have a DNS domain name accepted externally and reverse proxies to internal servers. Just take care to secure all that stuff, it's the Wild West out there.
@samuelgodfreyhendrix 3 years ago
In my experience, most residential IP addresses are effectively static with them only changing if you make the ISP’s internal DHCP server think it is talking to a different device (change in MAC address, hostname, etc on your router).
@MrMcp76 3 years ago
It can also change if you disconnect your modem for maybe 5 minutes or longer. Depends on the ISP and how long they hold a lease for you before releasing it. When your ISP tells you they are going to reset your connection during troubleshooting steps they are probably performing a release/renew of that address.
@piotrpytkowski1542 1 year ago
Hi Jay, consider video about bind9 configuration - subject is hard!
@Kenny_Ded 3 years ago
Where did the second Raspberry Pi "stack" in your rack go?
@brandongraham3509 3 years ago
Preparation for Shenanigans probably. Either that or pulled about for the 11 pi cluster Jay's mentioned.
@omnipitentevanescen 1 year ago
If I understood the concepts correctly, I can actually set my domain in my home-network to whatever I want, at risk of it denying me a real website with the same name, and as long as I don't have any of my services port forwarding to the public internet, I won't interrupt anyone else's access to a website and bring them to a machine in my home-lab. If I wanted to access my home-lab from the outside, I could use a proxy and/or a VPN. Just because I want to set up and learn through doing, but I don't want to pay for a domain yearly, and as long as it isn't accessible outside my home network I should be fine?
@propnut7085 3 years ago
fantastic video..
@NFvidoJagg2 3 years ago
technically wouldn't the pfsense router be the domain controller since it's dictating the domain? granted it's not doing LDAP functionality but that would be outside of this tutorial.
@GeoffSeeley 3 years ago
No. In Windows terms, a domain controller is used to sync Active Directory which is just LDAP with some Windows specific features. AD is usually a source of authentication and authorization (Users and Groups). It doesn't have to have DNS services, but it's usually recommended to have DNS on your DC as well. This video focuses strictly on the DNS component.
@Charlie8913 3 years ago
What I totally missed was talking about certificates for HTTPS. They are the only reason why I switched from the fake ".lan" domain to a domain I bought, so I can have https on all my internal services via Let's Encrypt (wildcard-certificate via dns challenge so my internal hostnames can't be looked up from anybody). With the .lan domain I manually created certificates with my own certificate authority (via the TrueNAS web interface), but this own CA certificate needed to be installed on all devices, made issues on some Android apps and needed to be built into some docker containers so it was much more complicated to set up. I wish I was much older so I could have got a chance to get one of the really short domain names, something short like i.e. "k.de", there's no chance to get one of them nowadays and that's the only downside of using a real domain...
@jimmithfarrel8986 2 years ago
You didn't explain how to point your domain registrar to know your DNS server as authoritative to resolve the IPs for those web servers.
@Steamrick 3 years ago
Okay, I have one question left: Why would I bother to add a domain to my home network? What's the advantage of having a domain if you don't have a domain controller to do any controlling with?
@JordanKetterer 2 years ago
You can more easily navigate around your home network with FQDN and hostnames then; this is great for many things, including SSH and any other service.
@Hybrid.Robotics 3 years ago
A better way to configure this would be to have your local domain be something like mydomain.aaa and then have your computers be a.mydomain.aaa, b.mydomain.aaa, c.mydomain.aaa, etc. You *should* be able to set the local domain in your router to mydomain.aaa. Then, any requests for *.mydomain.aaa would be routed to your local router. If you have a hosts file configured on one of your local computers, it would have the mapping of names to IP addresses and your router could send all requests for mydomain.aaa to that local computer which could forward to the requested computer on your local network. I do not think this would be too difficult for most people to set up. It is possible that you *may* even be able to set the equivalent to a hosts file in your router.
@helvettefaensatan 1 year ago
What is stopping a nefarious café WiFi owner from spoofing DNS?
@apoorv9492 3 years ago
Can you talk about OpenWRT?
@ShawnLivesInItaly 3 years ago
Thanks
@noweare1 1 year ago
From my desktop, in order to reach my server using its external address I had to use the fully qualified domain name. If I use ping using only the host name, the ip address of the server was its internal ip address. What's funny is the time was faster using the FQDN.
@kjakobsen 3 years ago
In a purely Linux environment, a domain controller wouldn't be necessary. But you could still use an LDAP server instead. OpenLDAP, FreeIPA etc. Actually cool technology to set up. :)
@JordanKetterer 2 years ago
I would love to see this for home use, with roaming home files that sync and allow more users and shared privileges and control over clients..... I've been using cockpit for admin and could learn ansible to get similar but have not quite that far yet
@Charlie8913 3 years ago
Instead of "local.lan" one could just use "lan", used that for many years. Don't pay for a dynamic DNS service, there are free ones like duckdns and freedns. Or maybe you bought a domain, the domain registrar might offer a dynamic DNS service for free to their customers (mine does).
@arcticjoe1142 3 years ago
Jay I love your videos, man. But jeez, way too many commercials.
@gdvissch 3 years ago
Isn’t what you call the proxy server actually a reverse proxy server? Maybe too detailed for the audience you had in mind but then again, if you start forwarding ports from the Internet, you’d better know what you are doing.
@rashie 3 years ago
👍👍
@chillnacho 9 months ago
What happened to this series?
@GrishTech 3 years ago
Never use .local. I never understood why I come across Windows domain environments with .local being used. At least make it a subdomain of your company.
@voiceoftreason1760 2 years ago
What did you make the diagrams with here? I thought maybe draw.io but I didn't find these nice computer and wireless router icons in there
@eleander 1 year ago
I'm 5 minutes into the video and somehow this guy is still babbling on about some simplification of what dns is. Mateeee