Monday, July 18, 2022

Setting up the RPiGateway into my HomeLab

So now that I have a better handle on how the wifi works at GSV, I want to provide myself a way into the HomeLab through a portal. I have a Raspberry Pi, RPiGateway, that is connected to the GSV portal wifi network that I can get to from my iPad. I have the luxury of being able to get to that Raspberry Pi from anywhere on campus using my iPad through the wifi network. I want to be able to get to applications, update my HomeLab services, change things within my HomeLab, and do other types of things remotely. I can do this by setting up the RPiGateway for access. I will need to control access to the RPiGateway to ensure that only known entities are able to access the information. That means that my personal laptop or any iPhone/iPad device that I own should be able to get into the network. Access control can be done via encryption and known certificates. So the following items may need to be considered:

  • Use certificates validated through Let's Encrypt and their process of 90 days
  • Use synchronous certificates that are self certified including a local CA
  • Provide both SSH and VPN access into the HomeLab through RPiGateway
  • SSH should rely on the synchronous certificates
  • VPN should rely on the Let's Encrypt certificates
  • I have the following protocols that need to be addressed over each HomeLab service: RDP, HTTP/HTTPS, SSH
  • May have to include some NGINX and Apache Guacamole interfaces to equipment
    • Might need to decide if this is a service through the Proxmox server, or on the RPiGateway
    • Security might need to be offloaded from RPiGateway
  • What needs to be done to the HomeLab side of RPiGateway to decrease risk if RPiGateway is compromised?

All of these elements need to be considered. Right now I can start setting things up that are accessible via the SSH port on RPiGateway, even though this would mean some special apps on the iPhone/iPad.

Update: it turns out that getting a Let's Encrypt cert is a pain if you don’t have internet access to your web server. This is not my case, so I will have to rely on a local CA to do certificates. I am also realizing that I may want to move RPiGateway further into the HomeLab in the future, so I need to adjust for that.
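
A minimal local CA of the kind the update settles on, as an added example that is not the author's configuration: it creates a root, issues a server certificate with the same 90-day lifetime Let's Encrypt uses, and checks chain, hostname and remaining lifetime. The CA name, the hostname `rpigateway.homelab.example`, the key sizes and the file layout are assumptions.

```sh
#!/bin/sh
# Added example (not the author's setup): a local CA that issues a 90-day
# server certificate. The CA name and hostname used here are placeholders.
set -eu

make_ca() {  # $1 = directory that will hold the CA key and certificate
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = HomeLab Local CA
[v3_ca]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
  openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 1825 \
    -config "$1/ca.cnf" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
  chmod 600 "$1/ca.key"   # whoever holds this key can mint trusted certs
}

issue_server_cert() {  # $1 = CA directory, $2 = DNS name of the server
  openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
  printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\n' \
    "$2" > "$1/$2.ext" &&
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -sha256 -days 90 -extfile "$1/$2.ext" -out "$1/$2.crt" 2>/dev/null
}

verify_cert() {  # $1 = CA directory, $2 = certificate name, $3 = hostname the client used
  openssl verify -CAfile "$1/ca.crt" -verify_hostname "$3" "$1/$2.crt" >/dev/null 2>&1
}

expires_within() {  # succeeds when certificate $2 expires in under $3 days (renewal check)
  ! openssl x509 -in "$1/$2.crt" -noout -checkend "$(($3 * 86400))" >/dev/null 2>&1
}

if [ "${1:-}" = "--demo" ]; then
  d=$(mktemp -d) && make_ca "$d" && issue_server_cert "$d" rpigateway.homelab.example
  verify_cert "$d" rpigateway.homelab.example rpigateway.homelab.example && echo "chain and name OK"
  expires_within "$d" rpigateway.homelab.example 30 || echo "more than 30 days left"
  rm -rf "$d"
fi
```

Only `ca.crt` is installed as a trusted root on the laptop and iPhone/iPad; `ca.key` is best kept off RPiGateway so that a compromised gateway cannot issue new certificates.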