This video showed up at just the right time for me, just right after I finished your video about Headscale :) My ISP changes my IP once a week. Since I want to delve into a homelab setup, I plan to host some services on my local, dedicated setup. This will be helpful alongside implementing CloudFlare to help protect some traffic. I've found your videos to be very educational and presented in a way that gets you from A to B to C in a very organized way. Great job and thanks for your work!
Glad I could help! Thanks for leaving a message.
Like your simple explanation, I will be using this with OPNsense
Thanks for sharing
Glad it was helpful!
Pretty nice video buddy, perfectly planned and executed and will surely satisfy max users imo.
Keep making great videos ;-))
Thanks, will do!
Been meaning to get around to this. Great timing!
Thanks. Which option are you going with?
That’s a neat setup. I’m using a container that’s running a bash script checking my public IP and updating it via cloudflare API. Probably should have checked for other solutions before writing my own script and container. But I learned how to create a container image and publish it to container registry
That's great and especially if you've also learned how to create a container!
Good video. I've been using dynamic DNS ever since I started self-hosting. I use the linuxserver duckdns container and added my own dynu bash scripts (dynu is much more reliable than duckdns). Well it worked great as always, many public Wi-Fi networks have attempted to block dynamic DNS, which pretty much cripples my entire homelab (can't even VPN b/c WireGuard uses DDNS as I don't have a static IP). I've now switched to Tailscale (requires setting up an exit node) and it seems to restore my homelab.
@kevinhu196 nice, tailscale is awesome 😎
Great video, but I found a couple minor issues with the documentation that I thought I'd mention.
First the link to your docker compose github page is broken. The link has a hyphen, while the github page doesn't. It was very easy to find the actual page once I looked at the full list of your documentation (which is all great). It took me several minutes to figure out the difference between the link and the page, so those hyphens can be sneaky. :)
Second, the "config" file actually needs to be a directory. Then, within that directory, you need a "ddclient.conf" file that contains the configuration details from your config file.
Thanks again and keep up the good work.
Thanks, you're right! I'll make those fixes.
Thanks. Of the 3 firewalls you have covered, which do you use in your lab?
Currently on OPNsense but likely to move to pfSense due to better WireGuard performance. We'll see :) - they're all solid TBH
Have you run benchmarks? I know the difference was pfSense being on FreeBSD 14; now that OPNsense is on FreeBSD 14 they should be even.
My newest Dynamic DNS solution: Caddy Server + related DNS module.
@codeman99-dev nice, I'll have to check that out.
I currently use DuckDNS within pfSense. I assume going with Cloudflare would break any e-mail address forwarding configured within Cloudflare for the domain as the DNS records would point to your home IP instead of Cloudflare's?
No, it works with Cloudflare proxies.
Option 3 for me. I’ve stopped using dynamic DNS services. Now I have a script that runs every 60 mins. The script does an nslookup of my host, and compares that to my public IP. If this happens it updates my DNS provider using a curl and then has Telegram notify me that my IP changed.
@HaydonRyan nice, I like that!
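The hourly compare-and-update check described in the comment above, sketched as an added example (not any commenter's script or the channel's code). `DDNS_HOST`, `IP_ECHO_URL` (a service that returns the caller's IP as plain text), `DNS_UPDATE_URL` with its `ip=` field and bearer token, and the Telegram variables are placeholders; the parser assumes BIND-style `nslookup` output.

```shell
#!/bin/sh
# Added example. DDNS_HOST, IP_ECHO_URL, DNS_UPDATE_URL, DNS_TOKEN, TG_TOKEN and
# TG_CHAT are placeholder settings, not taken from any commenter's script.

# Succeeds only for a single-line dotted-quad IPv4 address, octets 0..255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NR > 1 || NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i > 255) exit 1 }'
}

# Read BIND-style nslookup output on stdin and print the answer address,
# skipping the resolver's own "Address: x.x.x.x#53" line.
nslookup_answer() {
    awk '/^Address/ && $2 !~ /#/ { ip = $2 } END { print ip }'
}

# Print "update", "same" or "skip". Anything that is not a clean IPv4 address
# on either side gives "skip", so a failed lookup or a captive-portal page
# returned instead of the public IP is never written into DNS.
decide() {
    if ! is_ipv4 "$1" || ! is_ipv4 "$2"; then echo skip
    elif [ "$1" = "$2" ]; then echo same
    else echo update
    fi
}

# One pass of the check (needs network; run it from cron, e.g. hourly).
run_check() {
    dns_ip=$(nslookup -type=A "$DDNS_HOST" | nslookup_answer)
    pub_ip=$(curl -fsS --max-time 10 "$IP_ECHO_URL")
    [ "$(decide "$dns_ip" "$pub_ip")" = update ] || return 0
    # Hypothetical provider endpoint and form field; adapt to your provider.
    curl -fsS --max-time 10 -H "Authorization: Bearer $DNS_TOKEN" \
        --data-urlencode "ip=$pub_ip" "$DNS_UPDATE_URL" >/dev/null &&
    curl -fsS --max-time 10 "https://api.telegram.org/bot$TG_TOKEN/sendMessage" \
        --data-urlencode "chat_id=$TG_CHAT" \
        --data-urlencode "text=$DDNS_HOST: $dns_ip -> $pub_ip" >/dev/null
}

# Offline demo on constructed nslookup output (documentation address ranges).
SAMPLE='Server:   192.0.2.53
Address:  192.0.2.53#53

Name:     home.example.org
Address:  203.0.113.10'
sample_ip=$(printf '%s\n' "$SAMPLE" | nslookup_answer)
echo "DNS=$sample_ip public=203.0.113.77 -> $(decide "$sample_ip" 203.0.113.77)"
```

Passing the tokens as command-line arguments makes them visible in the process list on a shared host; curl's `--config` file option avoids that.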
Does this work if you are behind a CG-NAT?
No, but you could look at Cloudflare Tunnels - just be mindful of the ToS and privacy implications. Otherwise use something like Tailscale/Netbird/Headscale - I have many videos on them.
I got some crappy bash script on my crappy router which triggers when ip changes 😆
@user-qh5zz7dy1h nice, if it works it works
Please make a video of defguard, Open Source Enterprise SSO & VPN.
I am using duckdns docker, I believe it's easier
Nice, I did see that but I felt ddclient was more flexible with fewer options.
It's 2024. Stop living in the stone age and use cloudflare tunnels.
@JamesMartin2014 no, thanks. I value my privacy.
@Jims-Garage I'm a cloud network engineer. I get your point but the dangers of having an open firewall port are real. DDNS gives attackers a public DNS zone to look at and build target lists from. I wouldn't open any firewall ports and NAT without a robust IPS/IDS setup, and that kills bandwidth on OPNsense and pfSense unless you have very robust hardware. And that doesn't even take 0 day vulnerability into consideration.
Tunnels isolate the traffic to the docker network and keep the rest of the network protected. Unless there's a 0 day docker vulnerability.....
nothing is safe..... We're doomed