This is an incomplete draft speech script for a Toastmasters club I belong to. I decided not to use it as it has become too technical for non-IT audiences.
Introduction
Have you heard of the word “de-google”? It means to stop using Google web services such as Google Photos, Google Maps or Gmail. As a Pixel mobile phone user, I heavily depend on Google services.
There are many reasons to de-google. Some people believe Google has become evil. But to me, it is mostly a fear that they might raise prices drastically or, worse, stop services that I’m using.
In fact, they started charging for Google Photos several years ago. They also discontinued the Google Play Music service. These were a shock to me. What if they increase subscription fees 200% every two years? To protect myself from Google’s whims, or greed if you like, I started de-googling one step at a time.
In my last speech, I talked about setting up my less-than-$200 mini PC. I talked about the Immich app, which is a Google Photos alternative. With Immich, all my family photos are hosted on my mini PC and backed up regularly.
Great, isn’t it? Actually, not quite yet. One missing piece is that we can only access our photos in my apartment via the home wifi. Wouldn’t it be great if we could access our data via the Internet when we are out?
Well, yes, but with a caveat.
Security risk
If you expose your PC to the Internet, it will be exposed to malicious attacks by hackers. Usually, your wifi router shuts out all incoming connections, including those attacks.
However, once you set up your wifi router so that it passes through requests from the Internet, it is your PC that needs to reject unwanted access requests from outside, and only allow requests that you are OK with.
It’s extremely dangerous to just expose your PC to the Internet without properly configuring security. Once a hacker gets root access to your PC, all kinds of bad things could happen. For example, your credit card information might be stolen.
Reverse proxy server
What I needed for security was a reverse proxy server. A reverse proxy server sits in front of web services such as Immich, and protects those services. It’s like a security guard for a gated community. It blocks all unwanted visitors and turns them away.
With a reverse proxy, Immich and other web services are safe from hackers’ malicious attacks.
DNS
Other than security, exposing a PC to the Internet requires you to follow the Internet’s complex machinery. The most important piece is DNS, the Domain Name System, which is the core technology of the Internet.
All devices connected to a computer network, such as your home wifi or the Internet, have unique IDs called IP addresses, and they use IP addresses to communicate with each other. To humans, IP addresses look like just random numbers separated by dots, such as 192.168.0.1. But you don’t use IP addresses for accessing web services, do you?
Instead, we use domain names, for example, google.com. All public web services on the Internet have domain names. DNS, the Domain Name System, is the set of rules for converting a domain name to its corresponding IP address. So, I purchased a domain name for my wifi router, which is achiwa.co.uk. The reason I chose .co.uk is that it was cheap, less than $3 for the first year. Incidentally, some popular domains would cost thousands of dollars.
Even if the IP address assigned to my wifi router is changed by my Internet provider, which happens from time to time by the way, I can still access my mini PC from the Internet with the domain name.
DDNS
But to do so, I needed another piece of software called a DDNS server, which stands for Dynamic DNS. DDNS on my mini PC periodically reports the IP address assigned to my wifi router to the Domain Name System on the Internet so that it can route requests for my domain name, achiwa.co.uk, to my wifi router.
Thanks to DNS and DDNS, I can access my mini PC with my domain name remotely from the office or even from Japan or the UK.
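The decision a DDNS cycle has to make, as an added example that is not part of the original speech draft: report the address only when it has changed, and never publish an address that is not actually reachable from the Internet. The function names and the sample replies are hypothetical, and no real DDNS provider is contacted.

```python
import ipaddress

# Ranges a home router can receive on its WAN side that must never be
# published in public DNS (private LAN, carrier-grade NAT, loopback, etc.).
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4",
)]


def parse_public_ipv4(text):
    """Return an IPv4Address if text is one publishable address, else None."""
    try:
        addr = ipaddress.IPv4Address(text.strip())
    except ValueError:          # HTML error page, empty reply, IPv6, junk
        return None
    if any(addr in net for net in NON_PUBLIC):
        return None
    return addr


def plan_update(detected_text, published_text):
    """Decide what one DDNS cycle should do.

    detected_text:  raw reply from whatever reports the router's current IP
    published_text: the A record currently in DNS ("" if none)
    Returns ("update", ip), ("noop", ip) or ("reject", reason).
    """
    detected = parse_public_ipv4(detected_text)
    if detected is None:
        return ("reject", "detected address is not a public IPv4 address")
    if published_text.strip() == str(detected):
        return ("noop", str(detected))      # nothing changed, stay quiet
    return ("update", str(detected))


if __name__ == "__main__":
    # Constructed samples; 203.0.113.0/24 is a documentation range standing
    # in for the address an Internet provider would assign.
    samples = [
        ("203.0.113.7\n", "203.0.113.7"),   # unchanged
        ("203.0.113.42", "203.0.113.7"),    # provider changed the address
        ("100.64.12.9", "203.0.113.7"),     # router is behind carrier NAT
        ("<html>502 Bad Gateway</html>", "203.0.113.7"),
    ]
    for detected, published in samples:
        print(repr(detected), "->", plan_update(detected, published))
```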
Caddy
As a reverse proxy server, I chose Caddy, which is another piece of open source software. One way Caddy stands out from other reverse proxy options is that it automates certificate renewals.
Server certificate renewals
Have you heard of server certificates? They certify that the servers are legitimate and safe to access. Without a valid certificate, many people think that the site is dangerous. Browser software warns of such risky sites, and some browsers even refuse to connect to them. It’s very important that servers providing web services to the public have valid server certificates.
All server certificates have expiration dates, and are only valid until then. Usually, server administrators have to manually renew certificates periodically so that their servers continue to have valid certificates.
Renewing server certificates has been a headache for server administrators for many years. But with Caddy, certificates are automatically renewed.