selfhost:architecture, revision 2024/02/20 06:47 by willy (section "Hardware Architecture"), compared with revision 2024/10/25 08:37 (current), in which willy removed the page.
===== My Self-Host Architecture =====

==== Network Architecture ====

You have three different network zones:
  * The **external** zone, which is the internet or, in general, anywhere **outside** your home. This will be on the other side of your ISP gateway/
  * The **internal** zone, which is your home network; it's considered safe and comfy. Do not let unknown strangers have the WiFi password!
  * The gray zone: between your server and the ISP's gateway/

The **internal** network will be described in detail later on. I assume you will choose a subnet like 10.0.0.0/24 for it. I suggest you don't use a subnet in the 192.168.x.y range, as many of these ranges are already used by ISP routers and devices; in case of a clash you might end up having to replace addresses on all your internal hosts, and this can be a mess. A good idea is to use the 10.a.b.c ranges and choose something meaningful: for example, if you live at Via Roma 68, zip 4012, you could choose 10.40.68.c as your subnet.

The gray zone depends on your ISP; I will assume your ISP uses 192.168.1.0/
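The clash the text warns about is easy to check before you configure the two interfaces. The script below is an added example, not part of the original wiki page; it validates a constructed address plan (the page's 10.40.68.0/24 mnemonic for the LAN and the assumed 192.168.1.0/24 gray zone) using only the standard library.

```python
# Added example (not from the original page): sanity-check the address plan
# for the home server's two interfaces. The page recommends a 10.a.b.c/24
# internal subnet and warns that 192.168.x.y ranges tend to clash with the
# ISP gateway's "gray zone" subnet. All values used here are constructed.
import ipaddress


def check_address_plan(internal_cidr, internal_ip, gray_cidr, gray_ip):
    """Return a list of problems with the two-interface plan (empty = OK).

    internal_cidr / internal_ip: the home LAN and the server's LAN address.
    gray_cidr / gray_ip: the ISP gateway's subnet and the server's address on it.
    """
    problems = []
    internal = ipaddress.ip_network(internal_cidr, strict=True)
    gray = ipaddress.ip_network(gray_cidr, strict=True)
    int_ip = ipaddress.ip_address(internal_ip)
    gr_ip = ipaddress.ip_address(gray_ip)

    # Both zones must use private (RFC 1918) space: nothing here is routable.
    for name, net in (("internal", internal), ("gray", gray)):
        if not net.is_private:
            problems.append(f"{name} subnet {net} is not private address space")

    # The server sits between the two zones, so they must not overlap;
    # an overlap is exactly the "clash" the page warns about for 192.168.x.y.
    if internal.version == gray.version and internal.overlaps(gray):
        problems.append(f"internal {internal} overlaps gray zone {gray}")

    # Each interface address must belong to its own subnet, and must not be
    # the network or broadcast address, which are unusable for a host.
    for name, net, ip in (("internal", internal, int_ip), ("gray", gray, gr_ip)):
        if ip.version != net.version or ip not in net:
            problems.append(f"{name} address {ip} is outside {net}")
        elif ip in (net.network_address, net.broadcast_address):
            problems.append(f"{name} address {ip} is the network/broadcast address")

    # The page's advice: keep the LAN out of 192.168.0.0/16, the range that
    # ISP routers hand out by default, and prefer a 10.a.b.0/24 instead.
    if internal.version == 4 and internal.subnet_of(ipaddress.ip_network("192.168.0.0/16")):
        problems.append(f"internal {internal} is in 192.168.0.0/16; prefer a 10.a.b.0/24")
    return problems


if __name__ == "__main__":
    # Constructed plan following the page's mnemonic (Via Roma 68 -> 10.40.68.0/24).
    print(check_address_plan("10.40.68.0/24", "10.40.68.1", "192.168.1.0/24", "192.168.1.10"))
    # A clashing plan: the LAN was chosen inside the ISP router's default range.
    print(check_address_plan("192.168.1.0/24", "192.168.1.1", "192.168.1.0/24", "192.168.1.10"))
```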

The **external** network is assumed to be behind CG-NAT (Carrier Grade NAT), and thus you do not have, and cannot have, a static IP visible from outside in any possible way. This is the common truth for almost everybody nowadays.

For those of you lucky enough to be in the USA, where sometimes you can (maybe paying, or even for free) get a static IP, this might not apply; but since the world is big and 99% of people cannot access a static IP anymore...

Your home server will require two different network interfaces, either wired or WiFi doesn'

Your remote server must be reachable using your domain name (I will assume **mydomain.com**), whatever that means for you; as long as it's reachable with that domain, it's good. You should reserve a dedicated additional sub-domain like **remote.mydomain.com**, because I will show you how to reflect the DNS setup on the internal network to point to your home server, so accessing your remote server from the **internal** network will require the //

==== Software Architecture ====

I have been a big Gentoo fan for decades, so my choice, especially for servers, is always Gentoo. More on this later on. Both servers will be Gentoo servers.

The internal server will host all the services.

The remote (external) server is hosted somewhere on the network. It acts as a thin client, redirecting connections to the internal server.

The advantages of this solution are:
  * Secure setup (encrypted tunnel to home, all services exposed through https)
  * Easy maintenance:
  * Low cost: grab the cheapest VPS you can find and it will work just fine.

===== Main services =====

The goal will be to host one or more of the following services for yourself and your family in a secure and remotely accessible way:
  * Webcam / DVR access
  * Photo backup and storage
  * Private file sharing
  * Sailing access
  * Home automation services
  * Git and such
  * Printer and scanner
  * Mobile device synchronization
  * more...