I have a small homelab that is not open to the internet. I am considering the following setup. Please let me know if there are any glaring issues or if I am over complicating things.

  • I want to setup a reverse proxy in the cloud that will also act as a certificate authority. (I want to limit who can access the server to a small group of people.)

  • I will setup a vpn from a raspberry pi in my home to the reverse proxy in the cloud.

  • The traffic will pass from the raspberry pi vpn to my homelab.

I am not sure if I need the raspberry pi. I like the cloud as the reverse proxy as I do not have a static IP. I would just get a cheap vps from hetzner or something like that.

  • Justin@lemmy.jlh.name
    link
    fedilink
    English
    arrow-up
    2
    ·
    27 days ago

    it might be better to skip the cloud server and use cloudflare for dynamic dns. The standardized way to restrict access to websites is with client certificates or a basic authentication (user/pass) proxy. That would help avoid issues with internet traffic passing through the VPN accidentally.

    • M600@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      26 days ago

      Thanks! Last time I checked cloudflare had bandwidth limits. My primary uses for it may use a decent amount of bandwidth as I’ll be hosting jellyfin as well as my backup solution.

      • Justin@lemmy.jlh.name
        link
        fedilink
        English
        arrow-up
        4
        ·
        25 days ago

        Should work well for that!

        If you use cloudflare for dns only and turn cloudflare proxying off, none of your data or traffic goes to cloudflare’s servers. They just act as your dns server, telling your devices what IP to go to.