Hello,

recently I recycled my old laptop and started out with OpenMediaVault. After some initial difficulties I figured out how things work. Just to mention: I’m not an IT guy but can solve and figure out things. I want to have access to one or another self hosted services. But I’m a bit lost which approach and tools to use without exposing and making my NAS vulnerable on the internet.

Do you know any beginner friendly guides especially for OMV? I also want to understand what happens if and what my next action causes/can cause. So I don’t just want to dumb follow a tutorial and that’s it.

Thank you for your help and please let me know if you need any more details.

  • sem@lemmy.blahaj.zoneEnglish
    1·
    2 hours ago

    You are lucky in a way that OMV has a fantastic documentation suite. it is not too long, and I recommend reading it cover to cover, as well as the omv-plugins and omv-extras documentation, skipping over anything that’s not interesting, but seeing that it’s there for future reference.

    OMV is interesting to me because it gives you a gui that lets you do many difficult or advanced things fairly quickly, but it is not always clear what all the options do, and things don’t always work as expected. But the documentation will lead you well.

    My advice is start slow, stick to the garden path (don’t try anything custom or unusual), and frequently browse the forums.

  • lka1988@sh.itjust.worksEnglish
    4·
    1 day ago

    First and foremost: Do not expose your host system or the OMV admin interface to the internet. Ever. Doing so is only asking for trouble. Only expose services that have been properly isolated from the rest of the network and host system. Everything else you can access via VPN, or locally.

    Secondly: OpenMediaVault beginner’s guide by DB Tech. Him, Craft Computing, Hardware Haven, and a few others whose names currently escape me, are all solid sources for learning how to host things at home.

    After OMV, I would start with learning Docker and other containerization methods, and VMs.

    • TentinQuarantino@feddit.orgOPEnglish
      2·
      8 hours ago

      You’re totally right and it wasn’t my plan. I actually deployed some services in a mix of docker compose and portainer. With separate UID and GID for each of them. And the idea is to really expose the 1 or 2 services for remote control.

      Oh think I saw this guy’s tutorial regarding docker an OMV. I will watch the whole series. Thank you for your help

      • lka1988@sh.itjust.worksEnglish
        1·
        4 hours ago

        Sounds like you’re pretty familiar already! I use OMV for my NAS and have several NFS shares for various services. It’s a solid solution IMO.

  • neidu3@sh.itjust.worksEnglish
    5·
    1 day ago

    I have no experience with OMV specifically, but generally making things accessible from outside your house means exposing it ti the internet.

    However, what you can do is to only expose an openvpn port, so that to gain access as if you were at home you could connect via o0envpn first.

    • TentinQuarantino@feddit.orgOPEnglish
      2·
      1 day ago

      Does it mean I have to configure a VPN profile on all of the devices I need remote access from and I’m only able to access my NAS while this VPN profile is active?

      • neidu3@sh.itjust.worksEnglish
        4·
        8 hours ago

        No, just one. You set up one device/server as a VPN gateway (often called VPN concentrator), and you will have access to anything the concentrator has access to on your home network.

        Either you use your VPN concentrator as your jump box, or you set up routing and firewalls to be able to access them directly.

  • makingStuffForFun@lemmy.mlEnglish
    3·
    1 day ago

    I have used OMV for years. Great system.

    I remote in using zeroTier.

    It’s installed on the OMV server, and I have it on all my devices.

    That puts all my devices on a virtual “local network” so I can explore my shared folders, log into the OMV admin panel, etc, anywhere in the world.

    Has been working beautifully for me, for years.

    I hope that helps.

    • TentinQuarantino@feddit.orgOPEnglish
      1·
      9 hours ago

      Oh that’s interesting! I never heard about it tbh. But if it is preinstalled it should lay on the hand to (at least) try it out. Thanks a lot for your comment!

  • Xanza@lemm.eeEnglish
    3·
    1 day ago

    But I’m a bit lost which approach and tools to use without exposing and making my NAS vulnerable on the internet.

    You’re looking for a reverse proxy;

    *.domian.dev {
        encode zstd gzip
        @jelly host jelly.domian.dev
        handle @jelly {
                reverse_proxy {selfhost_ip}:{port}
        }
        @ping host ping.domian.dev
        handle @ping {
                respond "pong!"
        }
}

    Running caddy like this directly connects your jelly.domain.dev domain to your selfhost ip on a specific port. From within your selfhost you ensure that you’re only allowing in the IP of the VPS, so no one can else can directly connect.

    Works great. I use this myself. I have a local NAS (with media) and run a jellyfin server from my PC (to use my GPU for transcoding). The jellyfin server only allows 1 remote IP (my VPS), and local connections. The local jellyfin server can be accessed via my domain at jelly.domain.dev.

    • TentinQuarantino@feddit.orgOPEnglish
      2·
      9 hours ago

      Thank you for your tip! Reverse proxy was one of the techniques I was referencing in my post. But somehow I didn’t get how this thing functions. It’s easier than some might think actually. But on the weekend I have to sit down and nail it down to a solution