Hello,
recently I recycled my old laptop and started out with OpenMediaVault. After some initial difficulties I figured out how things work. Just to mention: I’m not an IT guy but can solve and figure out things. I want to have access to one or another self hosted services. But I’m a bit lost which approach and tools to use without exposing and making my NAS vulnerable on the internet.
Do you know any beginner friendly guides especially for OMV? I also want to understand what happens if and what my next action causes/can cause. So I don’t just want to dumb follow a tutorial and that’s it.
Thank you for your help and please let me know if you need any more details.
I have no experience with OMV specifically, but generally making things accessible from outside your house means exposing it ti the internet.
However, what you can do is to only expose an openvpn port, so that to gain access as if you were at home you could connect via o0envpn first.
Does it mean I have to configure a VPN profile on all of the devices I need remote access from and I’m only able to access my NAS while this VPN profile is active?
No, just one. You set up one device/server as a VPN gateway (often called VPN concentrator), and you will have access to anything the concentrator has access to on your home network.
Either you just your VPN concentrator as your jump box, or you set up routing and firewalls to be able to access them directly.
I have used OMV for years. Great system.
I remote in using zeroTier.
It’s installed on the OMV server, and I have it on all my devices.
That puts all my devices on a virtual “local network” so I can explore my shared folders, log into the OMV admin panel, etc, anywhere in the world.
Has been working beautifully for me, for years.
I hope that helps.
But I’m a bit lost which approach and tools to use without exposing and making my NAS vulnerable on the internet.
You’re looking for a reverse proxy;
*.domian.dev { encode zstd gzip @jelly host jelly.domian.dev handle @jelly { reverse_proxy {selfhost_ip}:{port} } @ping host ping.domian.dev handle @ping { respond "pong!" } }Running caddy like this directly connects your
jelly.domain.devdomain to your selfhost ip on a specific port. From within your selfhost you ensure that you’re only allowing in the IP of the VPS, so no one can else can directly connect.Works great. I use this myself. I have a local NAS (with media) and run a jellyfin server from my PC (to use my GPU for transcoding). The jellyfin server only allows 1 remote IP (my VPS), and local connections. The local jellyfin server can be accessed via my domain at
jelly.domain.dev.
