I have a domain, static IP address and many devices I'd like to access from outside my house. How do I route them?
You can have one public-facing server running an nginx reverse proxy that redirects traffic based on subdomain to the correct server.
nginx configuration on your "main" server:
server {
    server_name device1.example.com;
    location / {
        proxy_pass http://192.168.0.1:80;
    }
}
server {
    server_name device2.example.com;
    location / {
        proxy_pass http://192.168.0.2:80;
    }
}
server {
    server_name device3.example.com;
    location / {
        proxy_pass http://192.168.0.3:80;
    }
}
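An added example, not part of the original answer: the same subdomain routing for device1 with the controls a public-facing proxy usually needs, namely an explicit catch-all default server, TLS, a source-address allowlist and a login at the proxy. The certificate and htpasswd paths and the 203.0.113.0/24 range are placeholders chosen for illustration; the device2 and device3 blocks would follow the same pattern.

```nginx
# Added example; goes inside the http {} context of nginx.conf.
# Without an explicit default, the first server block answers requests whose
# Host header matches nothing, so scans of the bare IP would reach device1.
server {
    listen 80 default_server;
    listen 443 ssl default_server;
    server_name _;
    ssl_reject_handshake on;   # nginx 1.19.4+: refuse TLS for unknown names
    return 444;                # close the connection without a response
}

# Redirect plain HTTP for the known name to HTTPS.
server {
    listen 80;
    server_name device1.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name device1.example.com;

    # Assumed certificate paths (placeholders).
    ssl_certificate     /etc/nginx/tls/device1.example.com.crt;
    ssl_certificate_key /etc/nginx/tls/device1.example.com.key;

    # Only accept clients from known addresses; 203.0.113.0/24 is a
    # documentation range used here as a placeholder.
    allow 203.0.113.0/24;
    deny  all;

    # Require a login at the proxy before anything reaches the device.
    # With the default "satisfy all", both the allowlist and the login apply.
    auth_basic           "Restricted";
    auth_basic_user_file /etc/nginx/htpasswd;   # assumed path

    location / {
        proxy_pass http://192.168.0.1:80;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Running `nginx -t` after editing checks the syntax before the configuration is reloaded.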
You'll need to use alternate ports for everything except one of them. For example, 212.5.5.5:80 would forward to 192.168.0.1:80, but then 212.5.5.5:81 would forward to 192.168.0.2:80, and 212.5.5.5:82 would forward to 192.168.0.3:80, and so on. This should be configurable on most modern NAT devices.
Another way, if you're willing to use IPv6, is to just turn on IPv6 pass-through on your NAT device or router. That basically exposes every IPv6 address on your LAN to the public internet, letting you access them directly from the outside. As you might imagine, there is some risk associated with this. It's up to you to decide if that risk is tolerable.
You shouldn't expose these services to the internet directly. You can't audit these devices to be sure they are secure, and merely exposing them leaks information about the state of your internal network.
The correct solution is to set up a VPN server that grants you remote access to an internal network. Ideally the internal network should be segregated from your main one, only used for these exposed devices. That limits the damage if they are hacked.
Open source VPN software is mature, audited and the security issues are well understood. You limit yourself to a much smaller attack surface.