How to Access Home Lab Using Internet
As an IT professional, I firmly believe that a lab environment is an essential need for practice & growth. Due to this reason, I built my lab environment using a high-end desktop last year. We can get the details of the configuration on the blog Desktop Build For SQL Server Lab.
With a self-hosted desktop/server, the challenge that we often face is the accessibility of the same when not at home. Following are the steps that I took to access my home lab website/server, say, the local Grafana website from the internet.
Step 1: Broadband that provides public IP
We need broadband that provides a public IP address. In my locality, Airtel & Hathaway provide public IP addresses with their broadband.
To verify if you have a public IP, simply match the IP addresses in the following 2 methods. If matched, then you have got a public IP.
- Check the IP Address on your router web page under WAN details.
- Google ‘What is my ip’. You should get what your IP address really is to the world.
Step 2: Accessibility within the local network
For example, I installed Grafana on machine Host-A in my home lab. I should ensure that the same Grafana website is accessible from other devices (other desktop, laptop, mobile) in the same home lab network.
- Add firewall exceptions for relevant services on the hypervisor, host, or VM level.
- Perform MAC address binding on the router web portal for each important server. This ensures a static IP address.
- Add port forwarding on the router web portal.
If installed within VM, then exceptions need to be added both at the hypervisor and VM level. Otherwise, just at the hypervisor level.
In complex scenario cases, you might need the help of other tools like nginx that help you redirect connectivity from hypervisor to VM.
If everything goes well till this point, then the service/server should be accessible from any other device/machine in the same home lab network. It would be reachable even on the internet using the public IP address of the host.
Step 3: SSL Certificate for Secure Web Access
Modern browsers like Google Chrome, Firefox, etc. do not allow insecure access to a web service. So we need to create & deploy an SSL certificate for the relevant service that we wish to expose on the internet.
This can be achieved either by purchasing a certificate or acquiring it from free SSL Certificate providers like ZeroSSL.com.
Step 4: Dynamic DNS Binding
By this point, we have a website with SSL certificate hosted locally that should be accessible from the internet using the public IP address of the host. Here the challenge is that this public IP address is dynamic, and might change with every reboot of the router.
So if we can register our dynamically changing public IP to a fixed DNS name each time it changes, we would be able to access the service/host easily using the DNS name.
The final task we need to perform is, to bind this dynamic public address with a DNS name so that we can connect to our service/host using the same DNS name. We need to ensure that the dynamic public IP is updated with DNS entry automatically every time the dynamic IP changes.
In my case, I am using noip.com where I have registered a host for DNS name ajaydwivedi.ddns.net, and I use the following PowerShell code to dynamically update the host IP address. Same can be found on https://github.com/imajaydwivedi/SQLMonitor/blob/dev/SQLMonitor/Update-SQLMonitorIP.ps1.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 |
[CmdletBinding()] Param ( [Parameter(Mandatory=$false)] [String]$InventoryServer = 'localhost', [Parameter(Mandatory=$false)] [String]$InventoryDatabase = 'DBA', [Parameter(Mandatory=$false)] [String]$CredentialManagerDatabase = 'DBA', [Parameter(Mandatory=$true)] [String]$UserName, [Parameter(Mandatory=$false)] [String]$WebsiteHostName = 'ajaydwivedi.ddns.net', [Parameter(Mandatory=$false)] [String]$HostPortNo = 3000 ) cls "$(Get-Date -Format yyyyMMMdd_HHmm) {0,-10} {1}" -f 'INFO:', "Test connectivity to '$WebsiteHostName' on port $HostPortNo.." try { Test-NetConnection $WebsiteHostName -Port $HostPortNo -InformationLevel Detailed -ErrorAction Stop -WarningVariable netConnectionWarning | Out-Null [bool]$isOk = $true } catch { $errMsg = $_ [bool]$isOk = $false "$(Get-Date -Format yyyyMMMdd_HHmm) {0,-10} {1}" -f 'ERROR:', "Test-NetConnection command failed with following error:-`n`n$errMsg`n" } if ( $netConnectionWarning -match 'failed' ) { [bool]$isOk = $false "$(Get-Date -Format yyyyMMMdd_HHmm) {0,-10} {1}" -f 'WARNING:', "Connectivity test failed." } if( $isOk ) { "$(Get-Date -Format yyyyMMMdd_HHmm) {0,-10} {1}" -f 'INFO:', "Connectivity to '$WebsiteHostName' on port $HostPortNo is fine." } else { "$(Get-Date -Format yyyyMMMdd_HHmm) {0,-10} {1}" -f 'INFO:', "[Connect-DbaInstance] Create connection for InventoryServer '$InventoryServer'.." $conInventoryServer = Connect-DbaInstance -SqlInstance $InventoryServer -Database $InventoryDatabase -ClientName "Update-SQLMonitorIP.ps1" ` -TrustServerCertificate -ErrorAction Stop "$(Get-Date -Format yyyyMMMdd_HHmm) {0,-10} {1}" -f 'INFO:', "Fetch [$UserName] password from Credential Manager [$InventoryServer].[$CredentialManagerDatabase].." $getCredential = @" /* Fetch Credentials */ declare @password varchar(256); exec dbo.usp_get_credential @server_ip = '*', @user_name = '$UserName', @password = @password output; select @password as [password]; "@ [string]$userNamePassword = Invoke-DbaQuery -SqlInstance $conInventoryServer -Database $CredentialManagerDatabase -Query $getCredential | Select-Object -ExpandProperty password -First 1 "$(Get-Date -Format yyyyMMMdd_HHmm) {0,-10} {1}" -f 'INFO:', "Find out public ip of system.." $ip = (Invoke-RestMethod 'http://ipinfo.io/json').ip "$(Get-Date -Format yyyyMMMdd_HHmm) {0,-10} {1}" -f 'INFO:', "Ip => '$ip'" "$(Get-Date -Format yyyyMMMdd_HHmm) {0,-10} {1}" -f 'INFO:', "Making below URI call..`n" $noipURL = “https://dynupdate.no-ip.com/dns?username=$UserName&password=$userNamePassword&hostname=$WebsiteHostName&ip=$ip" $noipURL try { $response = Invoke-WebRequest -Uri $noipURL # This will only execute if the Invoke-WebRequest is succesful. $statusCode = $response.StatusCode "`n$(Get-Date -Format yyyyMMMdd_HHmm) {0,-10} {1}" -f 'INFO:', "Dynamic DNS Update went successful with statuscode '$statusCode'." } catch { $statusCode = $_.Exception.Response.StatusCode.value__ "`n$(Get-Date -Format yyyyMMMdd_HHmm) {0,-10} {1}" -f 'ERROR:', "Dynamic DNS Update failed with statuscode '$statusCode'." $statusCode | Write-Error } } |
I created a SQLAgent job on a schedule of every 5 minutes that executes the below command in Operating System (CmdExec) step type:-
|
1 |
powershell.exe -executionpolicy bypass -Noninteractive C:\SQLMonitor\Update-SQLMonitorIP.ps1 -UserName "myNOIP.comUserName" |
With this, I am able to successfully access my locally hosted Grafana website https://ajaydwivedi.ddns.net:3000 from anywhere on the internet.
I hope this will be helpful to anyone looking to publish/host their own website/server.
Kindly like, subscribe & share if this blog helped you in any way.
Related Posts
About The Author
Ajay Dwivedi
I am Microsoft Certified Professional having 10+ years of experience in SQL Server Querying, Database Design, and Administration. I am fond of Query Tuning and like to automate things using TSQL & PowerShell. I also have experience of implementing end-to-end Data Warehouse solution, and Data Migration using ETL tools SQL Server Integration Services (SSIS), Pentaho Business Analytics, and have designed Database Inventory through PowerShell, Python, and Django etc.