Cloud Bastion Server¶
HomelabOS can optionally configure a cloud based bastion server, which will route traffic to your HomelabOS instance without needing to forward ports on your home router.
This is desirable for three reasons.
- Less configuration - No need to configure your routers or firewalls, no port forwarding to mess with.
- Enhanced security - Your home IP address will not be exposed to the internet via DNS
- Email - Most ISPs block the ports necessary for email, this circumvents that
First you need a cloud server through a provider such as AWS or Digital Ocean.
You can use the HomelabOS Terraform feature, or set it up manually.
bastion config values to their correct settings.
make deploy as usual, and HomelabOS will take care of everything else.
Now point your domain name to your cloud server's IP address rather than your home IP address, and everything should be happy!
You can SSH port 22 on your cloud server to access the cloud server itself. Or you can SSH to port 2222 and you will be accessing the home server directly.
You can also use sshuttle to access your server
via a VPN. Install sshuttle then run
sshuttle -r USER@CLOUD_SERVER_DOMAIN 0/0.
You can now ssh directly to 10.0.1.2 and load http://10.0.1.2:8181 in a browser to access the Traefik dashboard for example.
On your HomelabOS server run
systemctl status wireguard-homelabos
On your bastion server run
systemctl status wg-quick@wg0