Over the last year, I've been on a rewarding journey of home lab experimentation, and the best thing I've added to it isn't a 64-core Threadripper CPU; it's something far more affordable. It's a virtual private server (VPS), which I rent for the low yearly cost of just $32. That's like a week's worth of coffee beans, except instead of keeping me caffeinated, it keeps me connected to my home network when away from it. Well, that's one thing I've used it for so far, anyway, and I've got plans for more.

While I love self-hosting services, I don't love keeping ports open to the internet or worrying about securing my home network from attack. In my estimation (and that of many security experts), it's better to use NAT traversal and STUN than it is to keep ports open permanently, and it keeps my home lab safer. Plus, I've got about 60GB of SSD storage to use, so I can use it for encrypted file transfers, hosting an IRC bouncer, and learning how to set up hybrid cloud and on-prem servers.

A VPS is the best thing I've added to my home lab all year

Virtual Private Servers are versatile and very value-packed

I was looking for a VPS in the first place because my ISP blocks ports (unless you pony up 2x the cash for a business line), and as it's also behind CGNAT, there's not much I can do about it from inside my network. But NAT traversal works without opening ports, and services like Netbird or Pangolin facilitate this by having a client sitting on your devices to start the connection, which then goes through, as firewalls are designed to allow traffic in if the initial request came from inside the network.

It's really an ingenious way of handling annoyances, and it also means no ports are left open for automated scanners to pick up on. So far, I've been using a variety of services on my VPS, and I've got a few more things in the works:

  • IRC bouncer (soon)
  • Netbird
  • Pangolin
  • Testing Ansible, Terraform, and other automation tools without letting them loose on my home network
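The filtering behaviour described above (return traffic is let in only for connections started from inside, while a forwarded port answers anyone), as an added example that is not from the original article. It is a toy model that assumes address-and-port-dependent filtering; the class, the function names and all addresses are constructed for illustration.

```python
"""Toy model of a stateful NAT/firewall (constructed example, not a real firewall)."""
from dataclasses import dataclass, field


@dataclass
class StatefulNat:
    public_ip: str
    next_port: int = 40000
    # public_port -> (inside_ip, inside_port, remote_ip, remote_port)
    flows: dict = field(default_factory=dict)
    # public_port -> (inside_ip, inside_port): permanent port forwards
    forwards: dict = field(default_factory=dict)

    def outbound(self, src, sport, dst, dport):
        """An inside host sends a packet out: record the flow, return the public source."""
        for pub, flow in self.flows.items():
            if flow == (src, sport, dst, dport):
                return (self.public_ip, pub)
        pub, self.next_port = self.next_port, self.next_port + 1
        self.flows[pub] = (src, sport, dst, dport)
        return (self.public_ip, pub)

    def inbound(self, src, sport, dport):
        """A packet arrives at public port dport: return the inside target, or None if dropped."""
        flow = self.flows.get(dport)
        if flow and flow[2:] == (src, sport):
            return flow[:2]  # reply to a flow that was started from inside
        return self.forwards.get(dport)  # otherwise only a port forward lets it in


def demo():
    vps = ("203.0.113.10", 51820)      # constructed documentation addresses
    scanner = ("198.51.100.7", 44321)
    nat = StatefulNat("192.0.2.1")
    results = {}
    # Unsolicited probe with no state and no forward: dropped.
    results["scan_before"] = nat.inbound(*scanner, 443)
    # The client inside the home network dials out to the VPS first.
    _, pub_port = nat.outbound("192.168.1.20", 51820, *vps)
    results["vps_reply"] = nat.inbound(*vps, pub_port)
    # The scanner hitting the same mapped port does not match the flow: dropped.
    results["scan_mapped_port"] = nat.inbound(*scanner, pub_port)
    # Contrast: a permanent port forward accepts traffic from any source.
    nat.forwards[443] = ("192.168.1.20", 443)
    results["scan_forwarded"] = nat.inbound(*scanner, 443)
    return results


if __name__ == "__main__":
    for name, target in demo().items():
        print(f"{name:18} -> {target}")
```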

I've also got the VPS IP behind Cloudflare with one of my domain names, so that it's easy to remember and reach when I need to use it. I was worried at the start that the 5TB monthly data transfer cap would be an issue, but I've found I'm nowhere near that. I've got full root access, can reinstall premade OS images within seconds, and with 3 vCPU cores and 3.5GB of RAM, it's more powerful than some of the VMs that I run locally.

RackNerd VPS

Currently it hosts my remote access tool under a domain name I own

But I could change it at any moment for other uses

I've got the bare minimum of a web server running on a domain for testing purposes, with SSO and identity management set up for secure access. It does what I need, when I need it, and I haven't felt the need to increase the plan I'm on, or add a large Docker stack, or any other tools. It's there for easy access to my home network and the home lab inside, and should work even if something goes wrong with firewall settings or network configuration mistakes.

I like having a lock-out prevention feature that's not tied to any hardware on my home network. I still have a single low-power laptop set to the management VLAN subnet that only comes off the shelf to charge and to administer my network stack, but it's nice to know I can fix many issues by remoting in. Maybe one day I'll set up a KVM switch with external access to do the same thing but with a dedicated network appliance, but that day is not today.

I could self-host on my own hardware, but that comes with caveats

I know I could run something like HAProxy from a local server and test out remote access without leaving my home lab, but I prefer having a mix of systems in my testing arsenal so that I can run the experiments I want, without additional setup time. Having an always-configured reverse proxy and VPN sitting on a VPS is a real time saver, and all I have to do is link the individual services that I'm testing at the time. Plus, I don't have to worry about CGNAT, ports being blocked, opening ports through the firewall, and any number of other pitfalls of using a residential internet plan for self-hosted services.

Having an off-site virtual private server is awesome

Self-hosting is still self-hosting if you don't own the hardware it's installed on, and having an external VPS to try out new server OSes or spin up new services has turned into an integral part of my home lab. Plus my hosting provider has an uptime guarantee, something I can't say I have for my home servers. This isn't the first time I've had a VPS, but it's certainly the most affordable time, and I can't see myself letting it go (unless it's to a different hosting provider that offers something specific that I need at the time).