IT nerd

  • 0 Posts
  • 10 Comments
Joined 3 years ago
Cake day: June 22nd, 2023


  • I run my webservers behind a pfSense firewall with SSL offloading (using a wildcard cert) with a static IP and use HAProxy to have sub-domains go to individual servers. Even though I’ve seen my fair share of scans, I only ever expose port 443 and keep things updated.

    Recently though someone on here mentioned routing everything over Tailscale via a VPS. I didn’t want to pay for a VPS and frankly can’t even find one that is reasonably priced in the US (bandwidth limits mainly), so I threw Tailscale onto my pfSense, set up split DNS on Tailscale’s admin panel with my domain name, and then reconfigured HAProxy to listen on my Tailscale interface. Even got IPv6 working (huge pain due to a bug it seems). Oh and set up pfBlocker.

    My current plan is I’m going to run my webservers behind Tailscale and keep my game servers public and probably segment those servers to a different VLAN/subnet/DMZ/whatever. And maybe just have a www/blog landing page that is read only on 443 and have its config/admin panel accessible via my Tailscale only.

    Anyway, back on topic. I run my game servers and I don’t advertise them out anywhere (wildcard cert) and do whitelist only, yet I still see my Minecraft servers get hit constantly on port 25565.

    So not much you can do except minimize exposure as much as possible.
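As an added illustration of the split this comment describes (not the commenter’s own configuration, and written as a plain haproxy.cfg rather than the pfSense package’s GUI form): one listener on the public address that only serves the read-only landing page, and a second listener bound to the Tailscale address that routes each subdomain to its internal server and is the only place the admin panel is reachable. The addresses, hostnames, backend ports and certificate path are assumed placeholders.

```haproxy
# Added example, not the commenter's config. Assumed placeholders:
#   203.0.113.10   public WAN address (documentation range)
#   100.64.0.5     this node's Tailscale address (CGNAT range)
#   *.example.com  wildcard cert (PEM with key) at the path below
global
    log /dev/log local0

defaults
    mode http
    log global
    option httplog
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# Public side: TLS is terminated here and only the landing page hostname
# is answered; the admin path is refused even if someone guesses it.
frontend public_https
    bind 203.0.113.10:443 ssl crt /etc/ssl/private/wildcard.example.com.pem
    acl host_www hdr(host) -i www.example.com
    http-request deny unless host_www
    http-request deny if { path_beg /admin }
    default_backend blog

# Tailscale side: same wildcard cert, but the socket only exists on the
# tailnet address, so nothing on the WAN can reach these routes at all.
frontend tailscale_https
    bind 100.64.0.5:443 ssl crt /etc/ssl/private/wildcard.example.com.pem
    acl host_www hdr(host) -i www.example.com
    acl host_app hdr(host) -i app.example.com
    http-request deny unless host_www || host_app
    use_backend blog if host_www     # full site here, /admin included
    use_backend app  if host_app

backend blog
    server blog 10.0.10.20:8080 check

backend app
    server app 10.0.10.21:3000 check
```

With Tailscale split DNS pointing example.com at the tailnet address, the same hostnames resolve to the Tailscale listener on tailnet devices and to the public listener everywhere else, which is why a single wildcard cert serves both.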





  • Could you explain your setup a bit more? Because my understanding is:

    Let’s say you have a blog website in your homelab. To access the blog, you go to your VPS’s hostname/IP; from there the VPS forwards your request over Tailscale to your homelab, which then responds with your blog website?

    If that’s the case, why even have the VPS and instead just use tailscale to access your homelab directly?

    Unless you intend to have the VPS be a load balancer in some way? Or a filter/firewall? Or you can’t do a static IP for your homelab but you want it to be publicly accessible?

    Just trying to understand why you’re doing it this way. I love seeing all the crazy ways people can set things up like this lol



  • eli@lemmy.world to Selfhosted@lemmy.world: “Proxmox with arr” (1 upvote, 13 days ago)

    Proxmox recommends not installing anything directly on the Proxmox host/bare metal.

    Personally I would set this up as:

    Proxmox installed on whatever single disk or raid 1 array.

    Create a TrueNAS (or whatever OS you want) VM inside Proxmox. Mount the rest of the drives directly to the TrueNAS VM via Proxmox’s interface.

    In the TrueNAS VM, take the drives that were mounted directly to it and set up your array and pool(s) to your preference.

    Now, I’d say you have two paths from this point:

    • Inside the TrueNAS VM use their tools to create a VM within TrueNAS and use that for your arr stack.

    OR

    • Go back to Proxmox and create another VM or container, set up your arr stack in that container, and point it to your TrueNAS via network mounts using internal networking from within Proxmox (virtual bridge with a virtual LAN).

    Either option has pros and cons. Doing everything inside TrueNAS will be a bit simpler, but you do complicate your TrueNAS setup and you’re at the mercy of how TrueNAS manages VMs (backups, restores, etc.). On the reverse, with Proxmox, setting up the vmbridge and doing the network mounts is more work initially, but keeping the arr stack in a Proxmox VM/container lets you do direct snapshots and backups of the arr stack, and if you ever need to rebuild it or change it to another arr-style set of tools, then you can blow away the Proxmox VM, start fresh and re-set up the network mounts.

    Or don’t do any of the above and just install TrueNAS on the box directly as the bare-metal OS and do everything inside TrueNAS.


  • 0 bytes free is a broken environment. So that requires a fix during moratorium IMO.

    Mint 21 still has support until 2027, so not exactly needed…but I get it when you only see certain family members during specific times of the year.

    I’m just saying doing a full migration from ESXi to Proxmox and having to back up all VMs and import them or recreate, and doing this during the holidays…I’d rather just sit on the couch and enjoy family time than be stuck in my garage or glued to my laptop.

    Upgrading a family member’s laptop while shooting the shit with everyone while drinking a beer or something is just fine. Don’t need 100% focus, you’re good there man.


  • At work we have a nearly 2 week moratorium that covers Christmas and New Year’s. We do zero changes unless something breaks on its own. So everyone can take time off without worrying too much.

    So I do the same for my homelab. I’ll spin up new stuff for fun (new docker containers to try out new apps), but I don’t touch my stable stuff. No reboots, no updates, no image pulls, nothing.