10-Minute Guide to a Secure Remote Home Lab Setup

Рет қаралды 36,355

Күн бұрын

Secure your home lab in just 10 minutes using Cloudflare & Zimaboard! In this video, I demonstrate the simplicity and efficiency of combining Cloudflare tunnels with the Zimaboard platform to achieve secure remote access to services running in your LAN.
Zimaboard 832 (affiliate): geni.us/roEVP
Wake & Brew Premium Coffee! wakeandbrewpremiumcoffee.com/...
#Cgnat #Cloudflare #TwofactorAuthentication #CloudflareTunnels #HomeLab #zimaboard
CHAPTERS:
0:00 - Intro
1:57 - Introduction to Cloudflare Tunnels
3:43 - ZimaBoard 832 Setup Guide
5:38 - ZimaBoard 832 Features Overview
6:49 - Installing OpenSpeedTest on ZimaBoard
8:13 - Configuring Cloudflare Tunnels
14:20 - Enhancing Security with Email PIN
15:41 - Adding Applications to Your Home Lab
18:18 - Advanced Security Measures for Home Lab
-----------------------------------------
Buy me a coffee! ko-fi.com/crosstalk
Crosstalk Discord: / discord
Follow me on:
- Twitter: / crosstalksol
- Facebook: crosstalksolutions
- Instagram: / crosstalksolutions
- TikTok: / crosstalksolutions
- LinkedIn: goo.gl/j2Ucgg
Crosstalk Solutions - RECOMMENDED PRODUCTS: crosstalksolutions.com/recomm...
Amazon Wish List: a.co/7dRXc67
Crosstalk Solutions offers best practice phone systems and network/wireless infrastructure design/deployment. Visit www.CrosstalkSolutions.com for more info!

Пікірлер: 58

@hornetbad 4 ай бұрын

i was using cloudflare tunnel for some time BUT when i used tailscale i never looked back 👍thank you for this video man

@massgrave8x 3 ай бұрын

two different product with two different purposes as far as I am aware. how did you replace cloudflare tunnel with tailscale?

@tetsujinXLIV 4 ай бұрын

The timing of this video is awesome! I plan on setting this up this weekend! Thanks for all the great videos!

@SickBeard 4 ай бұрын

Whenever this comes up, I just want to make sure that people are aware that Cloudflare MITMs all of your traffic (including HTTPS; going over the tunnel). That might be perfectly fine for most people, I just feel like they should be made aware.

@PowerUsr1 4 ай бұрын

Totally agree with you and I think Tom Lawrence did put a disclaimer. None the less I highly suggest setting up VPN.

@LAWRENCESYSTEMS 4 ай бұрын

@@PowerUsr1 Yes also, people get excited about "Free Things" but Cloudflare Tunnels are a lock in to Cloudflare

@gibahcanada4494 4 ай бұрын

Man.. Thank you very much. This example helped me a bunch with my setup!!!

@chrisumali9841 4 ай бұрын

Thanks for the demo and info, have a great day

@breezy8504 4 ай бұрын

Thanks for the shout-out!

@aflea8272 4 ай бұрын

thanks for the video. got it all set up and working with my rasberry pi 5 im configuring to replace my old pi 2b

@redeux 4 ай бұрын

Very cool. I hadnt yet seen the cf zero trust functionality used yet. That does look pretty interesting for some use cases I've been throwing around. Thanks for the video!

@conrat2000 4 ай бұрын

I really like Tailscale. But thos looks cool as well Thank!

@mikeborrego9795 4 ай бұрын

Can this setup be used to lock down my Reolink camera remote access

@itninja9503 Ай бұрын

would have been awesome if you showed how to set up an RDP connection.

@bruxodasilva 4 ай бұрын

X in 10 mins, explained in a 20 min video :D Joke aside, keep up the excellent job!

@redeux 4 ай бұрын

My SO makes fun of me for doing this. I am glad I'm not the only one who confuses how long 10 minutes is 😅

@Movies4118 4 ай бұрын

Does CF tunnels allow for on-http/https traffic such a tcp/udp to be exposed via tunnels?

@EuroPC4711 4 ай бұрын

Thanks for the great video. I followed your instructions and got my zima board working. But adding my Diskstation failed, telling me „Bad gateway“. I may have figured it out. HTTP works. But not https.

@JoeRanieri 4 ай бұрын

Can you still connect with home assistant companion app, if you lock down the tunnel?

@ShermNE 4 ай бұрын

Can this method be a replacement for NGINx proxy manager? I would like to do this with Vaultwarden.

@gotelldonn 4 ай бұрын

Where can I get that shirt? Have to have it!

@patriknilsson4416 4 ай бұрын

Great video! I have managed to do everything you demonstrate in the video. One thing I can't figure out how to accomplish though is how to pipe the inform-traffic from my remote sites, through the Cloudflare tunnel, to my locally installed CloudKey. If you can show how to configure that I will be forever loyal to your channel. The only holes that remains to be closed in my firewall are these holes for inform- and STUN-traffic from my remote sites.

@CrosstalkSolutions 4 ай бұрын

UniFi inform traffic is HTTP over port 8080, so I would think if you match up the same rule (ie. Cloudflare FQDN forwards to HTTP 8080 on your local UniFi controller) that should work? I'm just not sure if UniFi devices will like having to go through HTTPS to get there...I've never tried it.

@patriknilsson4416 4 ай бұрын

@@CrosstalkSolutions Well, that's what I thought as well. However, I can't get these messages through the tunnel. Everything else I send that way reach its destination, including reaching the CloudKey's web interface. But the inform traffic refuses. Isn't that a challenge for a the next video ;-)

@mrxmry3264 4 ай бұрын

i use tailscale to remotely access my home assistant. so far its been pretty reliable (but will it stay that way?) the only issue is that it sucks the battery dry FAST.

@lhamil64 4 ай бұрын

Your home assistant server is running on battery?

@jadamsnz 4 ай бұрын

@@lhamil64 I imagine he’s using a battery powered mobile device of some sort to access his Home Assistant and the Tailscale client for the mobile device is power hungry.

@mrxmry3264 4 ай бұрын

@@jadamsnz exactly.

@jnmanor 3 ай бұрын

What is the solution for SMB?

@cameronpalm4617 4 ай бұрын

So if you go this route, does this make it super easy to pull let’s encrypt ssl carts for your homeland devices? Eg a synology?

@CrosstalkSolutions 4 ай бұрын

Cloudflare creates the SSL certs for the domain that you add - no need for Let's Encrypt on the device locally...all traffic is valid SSL traffic. There is an argument to be made for not having control over the SSL cert though as I'm sure many in comments will bring up - that's a decision you'd have to weigh.

@cameronpalm4617 4 ай бұрын

@@CrosstalkSolutions I figured remote ssl was handled via the tunnel, but my pet peeve is getting rid of ssl warning in local lan. It is a topic I’ve always hoped you would cover as my setup is similar to yours. But I don’t want to expose everything to the web. I’m also am having trouble getting through my gateway to my dream machine. So right now I’m tooling with setting up a “.internal” TLD and using unbound or nginx to redirect dns queries locally and issue my own carts. There is some discussion of using bind for it, but the few tutorials I’ve read have the bind server be your dhcp server as well, and I want to keep my dhcp through UniFi.

@romayojr 4 ай бұрын

@@cameronpalm4617you could setup pihole for your local dns. that’s what i use with my homelab

@kevinoconnor6570 4 ай бұрын

Is this CG-NAT or do they use IPv6 to IPv4 translation?

@CrosstalkSolutions 4 ай бұрын

It's CGNAT.

@LordHog 4 ай бұрын

I was able to follow the instructions and the tunnel is working on my PiKVM. My problem is I am still able to go directly to the site without being prompted for one-time pin even after adding the Access Application

@LordHog 4 ай бұрын

Argh, so frustrating. I have watched two other video which basically show the same info, but my configuration still doesn't work.

@CrosstalkSolutions 4 ай бұрын

Double-check the Application rules - make sure you have the * in the hostname so that the application catches all sub-domains.

@LordHog 4 ай бұрын

@@CrosstalkSolutions Funny, I just added a new "Application domain", but this time I left the "subdomain" blank. So now there are two two Application Domains. Both have the same domain, but one has an "*" for the subdomain and the other one is left blank for the subdomain. Now, when I go to the domain I see the "Get a login code emailed to you". I don't understand.

@thecircusb0y1 4 ай бұрын

Vim for days

@Cam.Klingon 4 ай бұрын

I looked into your training, but it's expensive for what it is.

@htcmagic 4 ай бұрын

Self-Hosted ZeroTier all day and all night.. love CloudFlare but marry with zerotier. 😂😂😂

@Shamrock013 4 ай бұрын

Not sure what I'm doing wrong.. Installed Cloudflared, Configured the Tunnel in the ZT Dash, it shows healthy, but when I try to access that environment, it drops. I'm just getting a 404, and it doesn't look like DNS is resolving. Is the CNAME supposed to resolve properly?

@CrosstalkSolutions 4 ай бұрын

If you do it too quickly, sometimes the SSL cert hasn't been generated yet - give it a bit and try back later.

@Shamrock013 4 ай бұрын

@@CrosstalkSolutions looks like Cloudflare was having a DNS propagation issue when I was attempting this. What timing on your video and CF's issue!

@jackipiegg 4 ай бұрын

unless you're out of the loop, there's multiple n100 boards with 2.5g ethernet built it for the same price on amazon. Are you being paid by them or something.

@CrosstalkSolutions 4 ай бұрын

Which one is your favorite model? List it here and I'll check it out.

@markbooth3066 4 ай бұрын

If you think that coffee tastes good after being ruined in a blade grinder, you really should pick up a cheap burr grinder. You wouldn't believe how much better it would taste, even if you do ruin it further in a drip coffee maker. *8')

@CrosstalkSolutions 4 ай бұрын

Pro tip - thanks!

@markbooth3066 4 ай бұрын

I can't tell if that's sarcasm or not @@CrosstalkSolutions , but I'm glad you like your friends coffee, and if it's as good as you say, people who try it will keep going back for more, even if they do ruin it with blade grinders and drip coffee makers. *8')

@WakeandBrewCoffee 4 ай бұрын

@@markbooth3066Hey! The good thing about our coffee is it tastes great even if a blade grinder, Burr grinder, drip machine, pour over or French press is used to enjoy! Our beans are roasted the day your order ships and shipping is always free in the USA! Thanks for checking us out!

@aaronboggs5799 3 ай бұрын

As a coffee enthusiast myself, I will caution that that rabbit hole can go deep and get quite expensive. For regular coffee, you can do quite well with a quality hand grinder and something like a V60 pour over or AeroPress.