outcoldman Denis Gladkikh

How to avoid VPN at home


In October 2014 I wrote a blog post about how to set up OpenVPN at home to get access to my home server and all services from outside. This setup worked fine for me for the last year, but there were a few annoying things that I did not like:

I knew a very simple solution: don't use a VPN, just expose all services to the outside. Obviously, that is not the most secure solution. You don't want to connect to them over HTTP. I'm not paranoid, but if it is possible to make it a little more secure with a small effort, why not do that? Then I will worry less about when I should and should not connect to my home services while I'm connected to a public Wi-Fi hotspot.

I bought a wildcard certificate and am using the same Docker deployment I used with the VPN. I set it up with the help of nginx-proxy. Now I can very simply deploy any service I want on my domain. For example, if I want to deploy Jenkins, I can just pull the image, run it in Docker with the special environment variable -e="VIRTUAL_HOST=jenkins.example.com", and I will have access to it from outside over HTTPS. Pretty cool. Wildcard certificates are expensive, and it was possible to use cheaper solutions:

So my setup now consists of the following components:

And the great part about SSH: you can tunnel anything from the internal network through SSH using the following command

ssh user@example.com -L {LOCAL_PORT}:{REMOTE_SERVICE}:{REMOTE_PORT}


For example, this is how you tunnel VNC

ssh user@example.com -L 15900:

Now you can connect to vnc:// and it will forward you to example.com:5900 using example.com:22.

This is how you tunnel VNC to some other machine in your home network

ssh user@example.com -L 25900:ubuntubox:5900

So now if you try to connect to vnc:// you will be tunneled to ubuntubox:5900 in your home network.
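The `-L` tunnels above, wrapped in small helper functions as an added example (not code from the original post). The function names and the control-socket path are assumptions; the host names and ports are the post's own placeholders. The listener is bound explicitly to 127.0.0.1 so the forwarded port is not reachable by other machines on the same Wi-Fi network.

```shell
#!/bin/sh
# Added example: helpers around `ssh -L`. Function names and SOCK_DIR are
# assumptions for illustration; hosts and ports are the post's placeholders.

SOCK_DIR="${HOME}/.ssh"

# valid_port N -> succeeds only for an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# forward_spec LOCAL_PORT REMOTE_SERVICE REMOTE_PORT
# Prints the -L argument with an explicit bind address, so the listener stays
# on loopback regardless of the client's GatewayPorts setting.
forward_spec() {
    valid_port "$1" || { echo "bad local port: $1" >&2; return 1; }
    valid_port "$3" || { echo "bad remote port: $3" >&2; return 1; }
    case "$2" in
        ''|*[!A-Za-z0-9._-]*) echo "bad remote service: $2" >&2; return 1 ;;
    esac
    printf '127.0.0.1:%s:%s:%s\n' "$1" "$2" "$3"
}

# tunnel_up USER@HOST LOCAL_PORT REMOTE_SERVICE REMOTE_PORT
tunnel_up() {
    spec=$(forward_spec "$2" "$3" "$4") || return 1
    # -f: go to background after authentication, -N: no remote command,
    # -M/-S: control socket so the tunnel can be closed later,
    # ExitOnForwardFailure: fail instead of leaving a session with no tunnel.
    ssh -f -N -M -S "${SOCK_DIR}/tunnel-$2.sock" \
        -o ExitOnForwardFailure=yes -L "$spec" "$1"
}

# tunnel_down USER@HOST LOCAL_PORT
tunnel_down() {
    ssh -S "${SOCK_DIR}/tunnel-$2.sock" -O exit "$1"
}

# Usage (the post's second example):
#   tunnel_up user@example.com 25900 ubuntubox 5900
#   tunnel_down user@example.com 25900
```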

Useful tips:


The content on this site represents my own personal opinions and thoughts at the time of posting.

Content licensed under the Creative Commons CC BY 4.0.