External server

If you have read the this page, you should know why you need at least one external server.

I will assume you have two external servers with public IP addresses:

• external.mydomain.com with IP 99.99.99.99
• failback.mydomain.com with IP 77.77.77.77

Whether they are commercial servers, rented hardware, virtual servers or some box you plugged in in secret at your uncle workplace, i don't care. All you need is a public IP with a Linux operating system and the subdomain names that you can point to it.

The best choice would be a physical hardware with unlimited bandwidth and data cap, and with free network attached console.

Now stop dreaming and get real.

There are different tiers of servers, and i assume they are all hosted on some networking provider premises (= outside your home):

1. Your own hardware
2. You rent some real hardware
3. You rent some virtual machine on shared hardware (VPS)

The first option is probably stupid, as it brings on you the burden of hardware failures and maintenance. It make sense only when you can host it very close to you, where you can phisically go when needed, and if you can do it for free. Renting rack space can quickly cost as much as renting the entire server hardware itself.

The second option is the best for privacy, since you actually are the only user on the hardware itself, but it is slightly more expensive. And you can usually install the OS you like.

The last option is usually the cheapest option, the only drawback is that the underlying hardware is shared between many VPSes. Also often you cannot choose your OS.

Whatever option you choose, depending on budget and whatever preference you have, these are the minimum requirements you want to focus on:

• public IP address (owuld be meaningless utherwise!)
• enough bandwidth (10Mbit/s or better)
• possibly no data-cap, or a reasonable one (100Gbit/months should be fine for light usage)
• Linux operating system
• Remote SSH access to the server (or some kind of VDI access)

Things you might want to consider (price for value):

• Access to network console, for when the server doesn't boot and you need good old keyboard&mouse
• Freedom to install your own OS (which will be Gentoo of course!)

Things that don't need money spent on:;

• Storage (no data will be stored locally, only enough to install OS is needed)
• RAM (8Gb should be more than enough, no services will run on the machine)
• CPU (the smallest one will be more than capable to route IP packets)

Of course, pump up storage if you plan to use the server also for offsite-backup storage.

I assume you can install your own OS, so let's install Gentoo. Follow the Quick & Dirty Gentoo Installation but on your external server.

You don't need to install anything beside the bare minimum of the basic text-only installation.

Do not create any additional users except one unprivileged user, because you don't want to login as root remotely.

You want also to install wireguard and socat at this point, since you will need them later on.

Repeat as needed on the second external server!

To access home remotely and securely, using SSL/HTTPS with regular certificates, you must have a domain. Get whatever domain you can, the level doesn't matter but you must be able to add subdomains to your domain.

You need to point all your subdomains to your external server IP address, using an A record is a good idea, but any other way (CNAME, etc) is just fine.

So, assuming you have the following subdomains associated to your home services:

• mydomain.com → 99.99.99.99
• home.mydomain.com → 99.99.99.99
• mediaserver.mydomain.com → 99.99.99.99
• drive.mydomain.com → 99.99.99.99
• myotherservice.mydomain.com → 99.99.99.99
• external.mydomain.com → 99.99.99.99
• failback.mydomain.com → 77.77.77.77 (of course, this is the only exception)

Any new subdomain which needs to point to the home server, will need to be added to your domain DNS management to point to the 99.99.99.99 ip.

In case of a serious blackout of the 99.99.99.99, or the ISP1, you can still access your home trough 77.77.77.77, and you can, for prolonged blackouts, switch over your DNS records to this IP.