How to self-host services when you can't use the public IP of your router

Schema of the exercise

You may be unable to use your router's public IP because you don't have one, which can happen when your router works over 4G, or because you don't want to expose the public IP of your house. In the latter case, you could also consider dyndns: it is then the public IP of your dyndns that is exposed.


First, you will need two things: a subscription to a VPS (virtual private server, for example contabo) and a server that has access to the internet. I recommend contabo for the VPS; their service is excellent and it is pretty cheap, ~5$ per month. For the server, any computer with ubuntu server installed on it will do the trick.

Second, connect to your VPS and create an account with the command below. It will ask for some information; fill it in as you like, but use a strong password, because this account is exposed to the internet:

sudo adduser username

Before executing the reverse ssh command, you need to change the ssh server's config file on the VPS. Edit it with this command:

sudo nano /etc/ssh/sshd_config

Add this line at the end of the file:

GatewayPorts yes

Then restart the ssh service with this command:

sudo service ssh restart
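
Placed in the global section of sshd_config, GatewayPorts yes applies to every account on the VPS, and a line appended at the end of the file can also land inside a Match block or be shadowed by an earlier value. The script below is an added example, not part of the original article: it reports where the keyword takes effect, run on three constructed sample files (the function names and sample files are assumptions for illustration; username is the article's account).

```sh
#!/bin/sh
# Added example, not from the article. sshd keeps the FIRST value it reads for
# a keyword, and every line after a "Match" line belongs to that Match block,
# so "add it at the end of the file" can land in three different places.

gatewayports_scope() {   # usage: gatewayports_scope FILE
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
        {
            sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "")
            line = $0; sub(/[ \t]*=[ \t]*/, " ", line)   # accept "Key=value"
            split(line, f, /[ \t]+/); key = tolower(f[1])
        }
        key == "match" {                         # a conditional block starts
            block = "match(" substr(line, length(f[1]) + 2) ")"; next
        }
        key == "gatewayports" {
            where = (block == "") ? "global" : block
            if (!(where in seen)) { seen[where] = 1; print where "=" tolower(f[2]) }
        }
        END { if (!("global" in seen)) print "global=no" }   # sshd default
    ' "$1"
}

gatewayports_verdict() {   # status 0 unless enabled for every account
    if gatewayports_scope "$1" | grep -qx 'global=yes'; then
        echo "FAIL: any account's -R forward binds to all interfaces"; return 1
    fi
    echo "OK: GatewayPorts is not enabled globally"
}

tmp=$(mktemp -d)
# Constructed sample: the article's edit, appended with no Match block before it.
printf '%s\n' 'PermitRootLogin no' '#GatewayPorts no' 'GatewayPorts yes' \
    > "$tmp/as_in_article"
# Constructed sample: same setting scoped to the tunnel account; the two extra
# keywords are optional hardening (remote forwards only, no terminal).
printf '%s\n' 'PermitRootLogin no' 'Match User username' '    GatewayPorts yes' \
    '    AllowTcpForwarding remote' '    PermitTTY no' > "$tmp/scoped"
# Constructed sample: an earlier "GatewayPorts no" wins, the appended line is ignored.
printf '%s\n' 'GatewayPorts no' 'GatewayPorts yes' > "$tmp/shadowed"

for f in as_in_article scoped shadowed; do
    echo "== $f"; gatewayports_scope "$tmp/$f"; gatewayports_verdict "$tmp/$f" || true
done
```

On the VPS itself, sudo sshd -T -C user=username | grep -i gatewayports shows the value sshd actually applies to that account.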

After that, connect to your home server. The command you will use opens a reverse ssh tunnel: it redirects through the tunnel all the TCP requests arriving at your distant server to your home server. Because the home server opens the connection outbound, this command gets around the firewall rules, which is one of its advantages.
Syntax:
ssh
-o ServerAliveInterval=180 (seconds of silence from the server after which the client sends a keepalive message) -o ServerAliveCountMax=2 (number of unanswered keepalive messages allowed before the client closes the connection)
-f (ssh goes to the background instead of staying in the CLI)
-N (don't execute a command on the distant server)
-T (disable pseudo-terminal allocation)
-R80:localhost:80 (option that specifies a reverse ssh tunnel: the first port is the distant port, the name in the middle is where the request will be redirected, and the last is the local port)
username@8.8.8.8 (before the @ is the username of the ssh user used for the connection to the distant server, and after the @ is the address of the distant server)
Command:

ssh -o ServerAliveInterval=180 -o ServerAliveCountMax=2 -f -N -T -R80:localhost:80 username@8.8.8.8

Once you have entered this command on your home server, all TCP requests to port 80 of your VPS will be redirected to your home server via the ssh tunnel. Run the same command again with port 80 replaced by 443; with that, all the web ports are redirected to your home server.

The last thing you need is a DNS name that points to the public IP of your VPS. You can get a free DNS name at freenom.com.

Now you can install a web server on your home lab and, with the correct parameters, people around the world can reach it!

I will write an article about how to do that later.