1·
10 months agoI’ve stopped using my wiki as I discovered https://www.bookstackapp.com/
The advantage is it forced me to organise my notes rather then the mess I had before while still maintaining the ability to link between scribblings…
- 0 Posts
- 7 Comments
Joined 11 months ago
Cake day: October 18th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
Not a router I know so I can only give general advice.
You need to find out if your ISP allows incoming connections on port 22
You will need to find out if you are on CGNAT or equivalent for your internet connection - look at the external IP address of your kit.
You will need to set your Pi up to have a fixed IP address internally (based done on the router / DHCP server rather than on the PI)
Get fail2ban and ssh keys working first (I would also look to add UFW - do it with a keyboard and screen set up just incase you lock down port 22 in error).
Then you will need to find your router manual and look at that for port forwarding, It can be called a few things:
- Application / web services
- Port Forwarding
- NAT forwarding
- Incoming Port Triggering
Avoid anything that is setting up DMZ - you only want to to open one port to the Pi and keep it on your network.
Normally port forwarding will need to know the source and destination port (port 22 in both cases for SSH by default) and the internal IP address or destination (the PI) - some routers will need the MAC address of the PI instead of the IP address. You can normally find this from the router / DHCP server or from the Pi using
ip aand looking for the MAC details. Some folk will recommend moving ssh from port 22 - two minds over this as a port scan will show the new port up BUT you do stop the stupid attacks that try to brute force 22 using pi / raspberryTesting is best done with a different network - use your mobile or a different house as lots of routers do not allow a loop back (hair pinning) into the same network as your originate the connection.
If you find yourself on CGNAT or not able to open port 22 then there are a few things you can look at:
- Zeroteir or Tailscale have a free offering for a VPN that originates inside your network so no ports need to be open
- Cloudflare tunnels allow web (HTTP / HTTPS) and ssh tunnels to be set up
All of these require a small client program to be running on the Pi or other machine.
Have a look at Cloudflare tunnels.
Easiest way would be to run it on the server (either Docker or direct command line) and this will give you http / https / ssh access to the server with an option for different types of authentication.
There is a walkthrough https://www.crosstalksolutions.com/cloudflare-tunnel-easy-setup/ - a bit out of date for screen shots (Cloudflare change the screens frequently it seems to me) but lots exist on the net / YouTube if you get stuck.
Please tell me you plan to use ssh keys and preferable fail2ban and a firewall on your machine if you are not using a VPN / Cloudflare tunnel.
https://www.tomshardware.com/how-to/use-a-secure-key-for-ssh is one starting point but u/flaming_m0e nailedit - what actually is your problem?
I would also ask - what do you aim to do?
Some clue as to your network kit (esp the router and if you are on CGNAT) would also help.
Domain does not equal email…
You also need an email server and they should tell you how to set up the MX records for your domain. As you are using Namecheap, you will find it easy to use their email service at https://www.namecheap.com/hosting/email/
Using Outlook as the mail server for your domain is possible BUT it depends on your MS contract and some, e.g. 365 Personal have changes coming up at the end of this month - start at https://support.microsoft.com/en-us/office/get-a-personalized-email-address-in-microsoft-365-75416a58-b225-4c02-8c07-8979403b427b
You used to be able to use Outlook on the web to pull from SMTP or IMAP servers so you had everything in one inbox but I honestly do not know if that exists now and still requires the external email server.
Try https://github.com/gitbls/ndm
It’s command line driven but takes very little in the way of memory / processor.
IIRC Getting the LetsEncrypt certificate for NGINX Reverse Proxy requires direct access to the web site on port 80 - you are behind CGNAT and stuffed…
Possibly have a look at Cloudflare tunnel (Cloudflared in Docker) - this gives you http / https access with certificates. I used these instructions and it took less than an hour to get up and running https://www.crosstalksolutions.com/cloudflare-tunnel-easy-setup/ Note my TTL on the domain was set low to speed up transfer of name servers.
This also lets me access the sites directly using the full DNS entry even though my router does not handle hair pinning - no need for a local DNS server anymore.
Note the above are slightly out of date to the screen layout but in principal they work fine.
There is a small security concern - Cloudflare can intercept all traffic (even to/from https sites) internally - that does not worry me but your use case (or principals) may differ :-)