At home I do not have a fixed public IP. This would not be a problem for most users who run a homelab with several services that they only want to access from their local network, but this is not my case.

For convenience, I like being able to access my services from any external network. In this tutorial I will show several alternatives to achieve this depending on the conditions of your setup.

Fixed Public IP

Many companies offer the possibility of having a fixed public IP, meaning an IP address that will never change regardless of possible power outages or internet connection resets. This provides a very stable solution, since any port can be opened on the router and made accessible from the internet simply by entering the public IP and port.

In addition, you can configure a domain to point to this IP only once, without having to deal with the headache of updating its DNS every time the IP changes.

This solution is the most straightforward, but it has several drawbacks:

• Privacy: All traffic passing through our IP can always be directly linked to us, meaning a third party could analyze the traffic associated with it.
• Security: The security of a system behind a public IP remains the same, but if someone becomes interested in our network they could keep trying different attack methods knowing they are targeting the same user. In other words, they could keep experimenting until they eventually find a weakness in the infrastructure.
• Cost: A static IP usually comes with a small additional fee.

Dynamic DNS

Dynamic DNS (DDNS) allows a DNS record to always point to the system’s current public IP by periodically checking the IP address and updating it whenever it changes.

If you use a DNS provider that supports this feature, such as noip, you can enjoy the benefits of a non-static public IP while still having a domain that always points to your server.

This solution is recommended whenever:

• Your DNS provider supports this functionality.
• Your system can communicate with the provider, meaning you have a Unix system with a utility installed that can update the IP, or your router has this feature built in. My favorite router for these cases is the industrial router RUT241.
• High uptime is not strictly required, since the system may take up to an hour to update the IP if it changes.

Manual Script

If you do not have a fixed IP and your DNS provider does not support dynamic DNS, you can create a small script on your router or on a system in your network that notifies you when the public IP changes.

In the case of my servers hosted on VPS providers, they all have fixed IPs, so the DNS always points to them. However, in my home network, which does not have a fixed public IP, this would not be possible.

Since the services running on my home server should not be accessible to the public internet (unlike services such as this website), they are placed behind a VPN using WireGuard, explained in another post. To configure my clients I only need a set of fixed credentials and the public IP, so I simply need a way to receive updates when the IP changes.

For this purpose I use my XMPP server to notify changes with the following script:

 1GetPublicIP = pkgs.writeShellScript "GetPublicIP" ''
 2IP_FILE="$HOME/.last_public_ip"
 3PASSWORD="YOURPASSWORD"
 4
 5# Get current public IP
 6CURRENT_IP=$(curl -s https://api.ipify.org)
 7
 8# If file doesn't exist, create it
 9if [ ! -f "$IP_FILE" ]; then
10    echo "$CURRENT_IP" > "$IP_FILE"
11    exit 0
12fi
13
14LAST_IP=$(cat "$IP_FILE")
15
16# Compare IPs
17if [ "$CURRENT_IP" != "$LAST_IP" ]; then
18    MESSAGE="Public IP in "CasaServer" changed: $LAST_IP -> $CURRENT_IP"
19
20    xmppc -j bot@xmpp.gabrielcachadina.com \
21          -p "$PASSWORD" \
22          -m message chat gabriel@xmpp.gabrielcachadina.com \
23          "$MESSAGE"
24
25    echo "$CURRENT_IP" > "$IP_FILE"
26fi

Note that I use the utility xmppc to send the messages, but this script could easily be modified to send updates by email using the mail utility or through a shared volume synchronized with Syncthing.

With this approach you should have a possible solution for any scenario where your services are exposed—either publicly or privately—so that any change in the public IP does not become a problem.