External server

If you have read the Remote Access page, you should know why and what the external servers are. This page will give more details on how to select one and how to set it up.

I will assume you have two external servers with public IP addresses:

  • external-server1 with IP 99.99.99.99
  • external-server2 with IP 77.77.77.77

(It's ok if you have only one, of course, see my discussion on resillience in Remote Access)

Whether they are commercial servers, rented hardware, virtual servers or some box you plugged in in secret at your uncle workplace, i don't care. All you need is a public IP with a Linux operating system and a domain that you can point to it.

Selecting an external server

The best choice would be a physical hardware with unlimited bandwidth and data cap, and with free network attached console.

Now stop dreaming and get real.

There are different tiers of servers, and i assume they are all hosted on some networking provider premises (= outside your home):

  1. Your own hardware
  2. You rent some real hardware
  3. You rent some virtual machine on shared hardware (VPS)

The first option is probably stupid, as it brings on you the burden of hardware failures and maintenance. It make sense only when you can host it very close to you, where you can phisically go when needed, and if you can do it for free. Renting rack space can quickly cost as much as renting the entire server hardware itself.

The second option is the best for privacy, since you actually are the only user on the hardware itself, but it is slightly more expensive. And you can usually install the OS you like.

The last option is usually the cheapest option, the only drawback is that the underlying hardware is shared between many VPSes. Also often you cannot choose your OS.

Whatever option you choose, depending on budget and whatever preference you have, these are the minimum requirements you want to focus on:

  • public IP address (owuld be meaningless utherwise!)
  • enough bandwidth (10Mbit/s or better)
  • possibly no data-cap, or a reasonable one (100Gbit/months should be fine for light usage)
  • Linux operating system
  • Remote SSH access to the server (or some kind of VDI access)

Things you might want to consider (price for value):

  • Access to network console, for when the server doesn't boot and you need good old keyboard&mouse
  • Freedom to install your own OS (which will be Gentoo of course!)

Things that don't need money spent on:;

  • Storage (no data will be stored locally, only enough to install OS is needed)
  • RAM (8Gb should be more than enough, no services will run on the machine)
  • CPU (the smallest one will be more than capable to route IP packets)

Of course, pump up storage if you plan to use the server also for offsite-backup storage.

External server Setup

I assume you can install your own OS, so let's install Gentoo. Follow the Quick & Dirty Gentoo Installation but on your external server.

You don't need to install anything beside the bare minimum of the basic text-only installation.

Do not create any additional users except one unprivileged user, because you don't want to login as root remotely.

Referring to Remote Access page, you will want to install socat and create a tunnel user as well.

Repeat as needed on the second external server!

Domain Setup

To access home remotely and securely, using SSL/HTTPS with regular certificates, you must have a domain. Get whatever domain you can, the level doesn't matter but you must be able to add subdomains to your domain.

In this page i show how you need to set-up the domain for the internal network by adding your subdomains pointing to your home server. This of course will not work when accessing from outside.

You need to point all your subdomains to your external server IP address, using an A record is a good idea, but any other way (CNAME, etc) is just fine.

So, assuming you have the following subdomains associated to your home services:

  • mydomain.com → 99.99.99.99
  • home.mydomain.com → 99.99.99.99
  • mediaserver.mydomain.com → 99.99.99.99
  • drive.mydomain.com → 99.99.99.99
  • external1.mydomain.com → 99.99.99.99
  • external2.mydomain.com → 77.77.77.77

Any new subdomain which needs to point to the home server, will need to be added to your domain DNS management to point to the 99.99.99.99 ip.

In case of a serious blackout of the 99.99.99.99, or the ISP1, you can switch to 77.77.77.77 by updating the DNS records.