this post was submitted on 18 Mar 2025
10 points (100.0% liked)

Selfhosted

44601 readers
2298 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
10
OMV remote access (feddit.org)
submitted 2 days ago by [email protected] to c/[email protected]
15 comments fedilink hide all child comments
 

Hello,

recently I recycled my old laptop and started out with OpenMediaVault. After some initial difficulties I figured out how things work. Just to mention: I'm not an IT guy but can solve and figure out things. I want to have access to one or another self hosted services. But I'm a bit lost which approach and tools to use without exposing and making my NAS vulnerable on the internet.

Do you know any beginner friendly guides especially for OMV? I also want to understand what happens if and what my next action causes/can cause. So I don't just want to dumb follow a tutorial and that's it.

Thank you for your help and please let me know if you need any more details.

top 15 comments
sorted by: hot top controversial new old
[–] [email protected] 3 points 14 hours ago* (last edited 14 hours ago) (1 children)

You are lucky in a way that OMV has a fantastic documentation suite. it is not too long, and I recommend reading it cover to cover, as well as the omv-plugins and omv-extras documentation, skipping over anything that's not interesting, but seeing that it's there for future reference.

OMV is interesting to me because it gives you a gui that lets you do many difficult or advanced things fairly quickly, but it is not always clear what all the options do, and things don't always work as expected. But the documentation will lead you well.

My advice is start slow, stick to the garden path (don't try anything custom or unusual), and frequently browse the forums.

[–] [email protected] 1 points 3 hours ago

It is exactly what I'm doing. First I just created an SMB folder on the home network. Next paperless-ngx. After that Immich. But only on the local network. Now I want to go a step further. And I always get back to the documentation if I need something new. Regarding the garden path: exactly the reason why I explicitly asked for OMV. Thank you for your contribution. Much appreciated!

[–] [email protected] 4 points 1 day ago* (last edited 1 day ago) (1 children)

First and foremost: Do not expose your host system or the OMV admin interface to the internet. Ever. Doing so is only asking for trouble. Only expose services that have been properly isolated from the rest of the network and host system. Everything else you can access via VPN, or locally.

Secondly: OpenMediaVault beginner's guide by DB Tech. Him, Craft Computing, Hardware Haven, and a few others whose names currently escape me, are all solid sources for learning how to host things at home.

After OMV, I would start with learning Docker and other containerization methods, and VMs.

[–] [email protected] 2 points 21 hours ago (1 children)

You're totally right and it wasn't my plan. I actually deployed some services in a mix of docker compose and portainer. With separate UID and GID for each of them. And the idea is to really expose the 1 or 2 services for remote control.

Oh think I saw this guy's tutorial regarding docker an OMV. I will watch the whole series. Thank you for your help

[–] [email protected] 2 points 17 hours ago (1 children)

Sounds like you're pretty familiar already! I use OMV for my NAS and have several NFS shares for various services. It's a solid solution IMO.

[–] [email protected] 2 points 3 hours ago

Tbh it took some time to get a feeling for the whole thing but now I can handle the thing pretty well. That's why I thought it's time for the next step. And I like it as well!

[–] [email protected] 3 points 1 day ago (1 children)

I have used OMV for years. Great system.

I remote in using zeroTier.

It's installed on the OMV server, and I have it on all my devices.

That puts all my devices on a virtual "local network" so I can explore my shared folders, log into the OMV admin panel, etc, anywhere in the world.

Has been working beautifully for me, for years.

I hope that helps.

[–] [email protected] 1 points 21 hours ago

Oh that's interesting! I never heard about it tbh. But if it is preinstalled it should lay on the hand to (at least) try it out. Thanks a lot for your comment!

[–] [email protected] 3 points 2 days ago* (last edited 2 days ago) (1 children)

But I’m a bit lost which approach and tools to use without exposing and making my NAS vulnerable on the internet.

You're looking for a reverse proxy;

*.domian.dev {
        encode zstd gzip
        @jelly host jelly.domian.dev
        handle @jelly {
                reverse_proxy {selfhost_ip}:{port}
        }
        @ping host ping.domian.dev
        handle @ping {
                respond "pong!"
        }
}

Running caddy like this directly connects your jelly.domain.dev domain to your selfhost ip on a specific port. From within your selfhost you ensure that you're only allowing in the IP of the VPS, so no one can else can directly connect.

Works great. I use this myself. I have a local NAS (with media) and run a jellyfin server from my PC (to use my GPU for transcoding). The jellyfin server only allows 1 remote IP (my VPS), and local connections. The local jellyfin server can be accessed via my domain at jelly.domain.dev.

[–] [email protected] 2 points 21 hours ago

Thank you for your tip! Reverse proxy was one of the techniques I was referencing in my post. But somehow I didn't get how this thing functions. It's easier than some might think actually. But on the weekend I have to sit down and nail it down to a solution

[–] [email protected] 5 points 2 days ago (2 children)

I have no experience with OMV specifically, but generally making things accessible from outside your house means exposing it ti the internet.

However, what you can do is to only expose an openvpn port, so that to gain access as if you were at home you could connect via o0envpn first.

[–] [email protected] 1 points 5 hours ago

I recommend WireGuard instead of OpenVPN. WireGuard is baked into the kernel so it should work better.

[–] [email protected] 2 points 2 days ago (1 children)

Does it mean I have to configure a VPN profile on all of the devices I need remote access from and I'm only able to access my NAS while this VPN profile is active?

[–] [email protected] 4 points 2 days ago* (last edited 21 hours ago) (1 children)

No, just one. You set up one device/server as a VPN gateway (often called VPN concentrator), and you will have access to anything the concentrator has access to on your home network.

Either you use your VPN concentrator as your jump box, or you set up routing and firewalls to be able to access them directly.

[–] [email protected] 2 points 21 hours ago

Oh, now get it! Thank you very much for your suggestion. I will read into it on the weekend