First Commit

2 Personal/Home Lab/NAS/External Access.md

@@ -0,0 +1,41 @@
+---
+Owner: Claudio
+---
+# DS-Lite
+
+My ISP (Salt) uses DS-Lite which basically shares a few IPV4 addresses between a lot of customers and internally route traffic using IPV6 addresses. This means that I only have a static IPV6 address and nothing else.
+
+If you want to access your home network you will need to either use IPv6, which does not always work (old devices use IPv4) or have a port-mapping service that translates IPv4 traffic to your static IPv6 address.
+
+  
+
+# Other Methods
+
+## Zerotier
+
+Zerotier is an amazing tool to do a peer to peer network, it will however not allow anyone to access a service.
+
+## VPS Forwarder
+I'm using [[nginx]] to forward ipv4 requests to my static ipv6 address of the NAS. It acts as a reverse server using different ports for different applications and I'm using A-records on my hosting provider to differentiate subdomains into different applications:
+- [photos.claudiofritsche.com](https://photos.claudiofritsche.com)
+- [drive.claudiofritsche.com](https://drive.claudiofritsche.com)
+- [kino.claudiofritsche.com](https://kino.claudiofritsche.com/)
+
+The nginx subsite has the following config in `sites-availble`:
+```xml
+server {
+
+       server_name drive.claudiofritsche.com;
+       location / {
+            proxy_pass https://[2a04:ee41:3:c45c:211:32ff:fec0:4372]:5555;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+       }
+}
+```
+
+then I used certbot to add the ssl: ` sudo certbot --nginx -d drive.claudiofritsche.com`
+
+and finally reload the nginx service: `sudo systemctl reload nginx`