When I first envisioned building a home lab, I took it literally, and only considered the networking equipment, clients, servers, and services inside my walls. That's not a terrible first stab at things, but it's not entirely the whole picture either, as your home lab is more the total of the services and equipment you're using for experiments, whether they're on your home network or not.

And well, I couldn't use my home lab how I want without something that's not anywhere near my home. One of the key services in my home lab is a virtual private server or VPS. This versatile and cost-effective tool is where I keep my reverse proxy for accessing my hosted services when away from home, but it's just as useful when I'm at home, and I really don't remember how I did things without it.

To sidestep CGNAT and avoid port forwarding issues

NAT traversal is such an elegant solution to remote access requirements

The main reason I went and got a VPS for my home lab was to sidestep the arbitrary restrictions on open ports with my residential connection, and to not deal with CGNAT weirdness. It makes the perfect host for whatever remote access software solution I want to access my home lab from outside my network, I can link it to a domain name for easier use, and it doesn't have the lag that DDNS can sometimes have when the IP changes, but caching doesn't change fast enough.

I also wanted to get one again because I used to run an IRC bouncer on one years ago, to keep my connection on the IRC network for message logging. I don't really spend time on IRC anymore, but nostalgia hit hard. I still haven't set one up, and the thought has gone, but I'm finding it more useful with services like Pangolin to connect to my home network without keeping ports open for traditional VPN usage.

Having NAT traversal available means I can use solutions that don't expose my home network to automated scanning, and the host of automated malware payloads that keeping open ports can attract. The days of being able to keep ports open are gone, but that's okay because the solutions that avoid open ports are better for use anyway. And I can keep services behind SSO, making access control a core part of my home lab wherever it's accessed from.

Because it's nice to have stable hardware that's not my problem

Outsourcing maintenance and uptime to a VPS provider is a smart play

I break the Linux installs in my home lab all the time, and it's one of the things I enjoy the most, as it gives me the most learning potential. But sometimes it's nice when things just work, and my VPS is one of those things. I don't have to worry about uptime, power fluctuations, physical hardware, or any other considerations of the fleet of devices in my home lab. It's always there, a login away, ready to use, and take whatever new programs I want to play with. I don't have to handle security (beyond standard login and firewall) or worry about temperatures.

I wipe my VPS too often to use it as a wiki or other knowledge management tool to document what goes on in my home lab, at least on this particular VPS. But they're relatively inexpensive for the power I need, and I might pick up a second one to host some record-taking software for that purpose. Maybe I'll extend it to hosting Ansible and Terraform files, so I can recreate my home lab from a trusted source.

For a different geographical exit or entry point to my home lab

This helps with anonymity and any potential regional blocks

Even without considering port forwarding issues and CGNAT, sometimes it makes sense to have an endpoint that's not in the same geographical area that your home is. Whether I'm using the VPS as a exit node in Tailscale, or using it as an ingress with a reverse proxy or other remote access tool, I like having the choice of using an IP that's geographically remote. It doesn't have to be on the other side of the country, but every little bit helps keep you safer online, even if it's obfuscating your true location.

Easy place to experiment

And when things go wrong, I can reinstall the server in minutes

My VPS offers six different Linux distributions, but I can ask for a custom ISO to be mounted if I want to install my preferred choice. I haven't needed to do that yet, partly because I've been sticking to Debian and Ubuntu for the wider support for the services that I've been hosting on the VPS, but also because I'm much better acquainted with those. Reducing complexity when using new tools is always a good idea for learning, and even more so if things go wrong.

And they will go wrong. Every tool I've tried hosting on my VPS has come with at least one issue while installing it and setting up the operating system, with the most common being Debian refusing to let me use sudo, or log in as root. Every tutorial for fixing this situation including making a new user account and adding it to the sudoers file, had mixed results, and it was easier for me to rebuild the VPS with Ubuntu instead, where sudo works as I expected. Plus the after-effects from my experimentation, whether it be Docker containers, installed programs, or even nested virtualization can be swept away with a few clicks, letting my hosting provider put another instance up for me to use.

Gives me a public static IP

And it's protected by the VPS hosting company

Source: WikiMedia Commons

Even without the other benefits of a VPS, this one alone is worth its yearly cost several times over to me. Now, I don't want a static IP at home, because it's inherently less safe, and frankly less useful nowadays. But if I did want one, the only way I can get one with my current ISP is by moving to a business plan, which is twice the cost of my current plan. Which is quite ridiculous for a few static IPs and a slightly better tier of customer service.

I'd pay more in a month than I pay for the entire year of a VPS, and I still wouldn't be able to host some things because of ports being blocked. It's also easier to point my hosting company to a public IP address so I can use my own domain for my self-hosted services, but it's not strictly necessary, and I could do that just as easily with a DDNS service, which my router provides for free. Plus, it's not hosted by me so some level of DDoS and security is handled by the hosting company, which makes things a little easier for me to work with while not having to think about as many things.

Plus, a VPS is incredibly cheap for yearly subscriptions

Is self-hosting still self-hosting when it's not on your machine? It's still my server, even if someone else is in charge of the physical aspect of it, and in some ways it's more secure and easier to deal with than having something at home. And I don't have additional electricity bills to worry about, or security on my home network, or any of a multitude of other considerations that make self-hosting certain types of service from your home network more complicated and sometimes downright more dangerous.