Things you shouldn't host...

Hosted Solutions First

Before getting started with self-hosting your whole world using open source software, there are a few hosted services I would highly recommend to start with. As tempting as it may be to host your own VPN, git origin, or password manager locally, the pros certainly outweigh the cons with using bulletproof hosted services you can trust in these unique cases.

• Cloudflare : A powerful cloud platform that provides security, performance, and reliability services for websites and applications.
• GitHub : A popular web-based platform for version control and collaboration, widely used for hosting code repositories and managing projects.
• Mullvad VPN : A privacy-focused virtual private network (VPN) service that helps protect your online privacy and secure your internet connections.
• Bitwarden : A secure and open-source password management solution, offering encrypted storage for passwords and other sensitive information.

Cloudflare

Cloudflare’s free tier offers an impressive array of features that go beyond traditional security measures. With their Zero Trust solution, Cloudflare provides a comprehensive security framework that can secure your self-hosted services more effectively than a VPN alone. By leveraging Cloudflare’s Zero Trust architecture, you can implement granular access controls, multi-factor authentication, and secure connections for your services. What’s more, Cloudflare’s free tier allows you to easily extend these benefits to your family and friends. By setting up Cloudflare for your self-hosted services, you can conveniently offer secure access to your applications, websites, or resources to your loved ones. Additionally, Cloudflare’s robust network and content delivery infrastructure enable you to enjoy remote network access wherever you may be. Whether you’re traveling or working remotely, Cloudflare ensures fast and reliable connectivity to your self-hosted services, bringing them closer to you regardless of your physical location.

Github

GitHub has become the go-to platform for source control, and its benefits go beyond managing code. By hosting your projects on GitHub, you gain the assurance of always available protection for your valuable code, settings, and configurations. With built-in version control and collaboration features, GitHub ensures that your code is safely stored, tracked, and accessible at any time. Additionally, GitHub serves as a powerful tool for building your online developer presence. As you expand your knowledge and contribute to open-source software, GitHub provides a central hub for showcasing your projects, contributions, and expertise. This online presence not only demonstrates your technical abilities but also helps you establish a professional network and reputation within the developer community. When the time comes to look for jobs or collaborate with others, your presence on GitHub can significantly enhance your profile and credibility, opening doors to exciting opportunities.

Mullvan VPN

Mullvad VPN stands out as one of the most secure and anonymous VPN solutions available, offering top-notch privacy and protection for your online activities. With a strong focus on anonymity, Mullvad VPN does not require any personal information during the sign-up process and provides anonymous payment options, such as cryptocurrency. By encrypting your internet traffic and routing it through their network of secure servers, Mullvad VPN shields your online communications from prying eyes and potential threats. It ensures that your browsing activity, sensitive data, and personal information remain private and secure. Despite its exceptional security features, Mullvad VPN comes at a low cost, offering an affordable solution for individuals seeking reliable privacy and anonymity online. With Mullvad VPN, you can enjoy peace of mind knowing that your online presence is safeguarded without breaking the bank.

Bitwarden

Bitwarden’s cloud offering provides a trustworthy and secure solution for password management, backed by its open-source nature. As an open-source software, Bitwarden undergoes rigorous scrutiny from the community, ensuring transparency and accountability in its security practices. With Bitwarden’s cloud service, you can trust that your passwords, RSA keys, and sensitive variables are stored securely and encrypted with strong algorithms. The online availability of Bitwarden allows for seamless integration across all your client browsers and desktops, ensuring that you are never without access to your important credentials. Whether you’re at home or on the go, Bitwarden’s cloud-based solution enables you to effortlessly access and manage your passwords and other sensitive information. Say goodbye to the hassle of memorizing multiple passwords or carrying sensitive data with you. With Bitwarden, you can have peace of mind, knowing that your valuable information is secure and easily accessible whenever you need it.

How I use these services

Sounds great, but what’s it look like if I leverage these platforms for my home lab?

First off, it’s worth mentioning that you can employ all of these services for ~$5 a month, and that’s essentially the price of Mullvad VPN. The rest offer free tiers that are more than suitable for your personal use.

Cloudflare deserves an entire write-up, which I’ll commit to making in the future and linking to this post. You will likely run a single cloudflare tunnel on a VM that is always on in your cluster. This tunnel will give you, and anyone you share it with (up to 25 users for free) secure access to one or many of your hosted solutions. I’d recommend registering a domain (sometimes as low as $5 a year) like www.my-awesome-lab.com through Cloudflare. Your web interfaces on Linux Containers or VMs can be given public hostnames such as dashboard.my-awesome-lab.com or movies.my-awesome-lab.com. In addition, when you aren’t at home on your local network, you can install the WARP client on your laptop, to give you instant access to your intranet routes from anywhere. Simply SSH in as you would from home. When the WARP client is connected, it’s as if you never left the house.

Most of your configurations for dotfiles or setup routines would be best served through github. This can be a private repo of course but nothing beats have an always on code repository when you spin up your next container. Likewise, get in the habit of storing every sensitive environment variable, logon, or RSA key in your password vault. You’ll thank me later when you can’t remember the admin console password to the obscure gaming server platform you setup a year ago. I like to keep a Home Lab folder in my Bitwarden account to keep things organized, and use the Bitwarden Chrome extension where ever I use a browser.

Mullvad VPN is optional, if perhaps downloading certain questionable content is your thing. Definitely something I never do… The kill switch ensures that none of your traffic ever leaks through your personal internet if you miss a payment or have a disconnection. Setup is a breeze and the price is well worth it.