}}

You have three different network zones:

• The external zone, which is internet or in general anywhere outside your home. This will be on the other side of your ISP gateway/router/access point. It's considered dangerous and hic sunt leones.
• The internal zone, which is your home network, it's considered safe and comfy. Do not let unknown strangers have the WiFi password!
• The gray zone: between your server and the ISP gateway/router/access point. There is nothing here except all your NAT-ed traffic.

The internal network will be described in details later on. I assume you will choose a subnet like 10.0.0.0/24 for it.

The gray zone is dependent on your ISP, i will assume your ISP uses 192.168.1.0/24 subnet for it.

The external network is assumed to be behind CG-NAT (Carrier Grade NAT) and thus you do not have, and cannot have, a static IP visible from outside in any possible way. This is the commnon truth for mostly everybody nowadays.

For you lucky from the USA, where sometimes you can (maybe paying, or even for free) get a static IP, this might not apply, but since the world is big and 99% of people cannot access a static IP anymore…

Your home server will require two different network interfaces, either wired or WiFi doesn't matter.

Your remote server must be reachable using your domain name (i will assume mydomain.com) whatever that means for you, as far it's reachable with that domain, it's good. You should reserve a dedicated additional sub-domain like remote.mydomain.com because i will show you how to reflect the DNS setup on the internal network to point to your home server, so accessing your remote server from internal network will require the remote.mydomain.com name.

Your home server should be beefy enough to host and support all your services. Once you figure that out, the added overhead to manage the NAT, the tunnels and the reverse-proxy will be negligible.

You want something low-power tough and you might want something battery-protected to prevent strain on hard drives due to loss of power. You might also want something not too loud unless you plan to place everything in a secluded place (but watch out for heat buildup!)

My choice is an oldish powerful workstation-type laptop:

• it has at least one wired ethernet plug (the second one can be a USB-C gigabit ethernet adapter)
• it has keyboard and monitor, for those local access needs, without requiring a dedicated monitor wasting space
• doesn't reboot when there is a power loss at home
• Usually laptops are both less power-hungry and less noisy.

Of course, the drawback is that laptops have limited storage space. For this reason, i added a RAID JBOD solution connected via USB-3/USB-C with a conspicuously sized SSDs RAID array, and i plugged it to a cheapo low-wattage battery backup to keep the RAID array running in case of power-loss.

Are power loss frequent? No they aren't, but i do not want to run risks with my data.

Local, internal, server at home. It contains most of the services.

Remote, external, server hosted somewhere on the network. It acts as a thin client redirecting connections to I have a home server (i will call it “local”) and an external front-end server (i will call it “remote”). Everything is stored on the local server, the remote server is a thin lightweight server used only to tunnel back to the local server all the external requests.

The advantages of this solution are:

• Secure setup (encrypted tunnel to home, all services exposed trough https, well, almost all)
• Easy maintenance: only an SSH tunnel, the front end has nothing else installed except SSH.

• webcam / DVR access
• Photo backup and storage
• PRivate files sharing
• Sailing access
• Home Automation services
• GIT and such
• Printer and scanner
• Mobile devices synchronization
• more

File Server Set-up a full fileserver for remote access

Router Server Set-up your linux router

• Local host setup
• Remote host setup
• Interconnection tunneling
• nginx setup
• certbot (for HTTPS)

-oHostKeyAlgorithms=+ssh-rsa