Maintenance
sudo dnf check-update
sudo dnf update
This setup was performed using an ASUS router. You can access your router's configuration settings here. Please ensure you are on the same network as the router and not connected to a VPN.
Carrier-Grade NAT (CGNAT) can make it difficult to host services or access your home network from the outside world. This is because your router shares a single public IP address with many other users. One way to circumvent this is to request a static IP address from your internet service provider (ISP). A static IP address provides you with a globally unique and consistent address that isn't shared, allowing external devices to connect directly to your network. Bypassing CGNAT enables you to host servers, use port forwarding, and remotely access your home network without restrictions.
To confirm you are not behind CGNAT, ensure that your router's WAN IP address matches your external public IP address. You can easily find your external public IP address by searching "What is my IP address" on Google, or through websites like WhatIsMyIP.com.
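The check described above as a script. This is an added example, not part of the original setup notes, and it goes one step beyond the plain comparison by also recognising the RFC 6598 range carriers use for CGNAT and the RFC 1918 private ranges. The function names and the file name wan_check.sh are this example's own; both addresses are typed in by hand (the WAN IP from the router's status page, the public IP from a lookup site).

```sh
#!/bin/sh
# Added example (not from the original notes): classify a router WAN address.
# Usage: sh wan_check.sh <router WAN IP> <public IP from a "what is my IP" site>

# Print a dotted-quad IPv4 address as an integer; return 1 if it is malformed.
ip_to_int() {
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1                       # split on dots (input is digits and dots only)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo "$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))"
}

# Succeed if address $1 lies inside network $2 with prefix length $3.
in_cidr() {
    addr=$(ip_to_int "$1") || return 1
    net=$(ip_to_int "$2") || return 1
    mask=$(( (0xFFFFFFFF << (32 - $3)) & 0xFFFFFFFF ))
    [ "$(( addr & mask ))" -eq "$(( net & mask ))" ]
}

# Print one of: cgnat | private | mismatch | direct | invalid
classify_wan() {
    wan=$1; pub=$2
    if ! ip_to_int "$wan" >/dev/null || ! ip_to_int "$pub" >/dev/null; then
        echo invalid
    elif in_cidr "$wan" 100.64.0.0 10; then
        echo cgnat        # RFC 6598 shared address space used by carriers
    elif in_cidr "$wan" 10.0.0.0 8 || in_cidr "$wan" 172.16.0.0 12 ||
         in_cidr "$wan" 192.168.0.0 16; then
        echo private      # RFC 1918 address: another NAT sits upstream
    elif [ "$wan" != "$pub" ]; then
        echo mismatch     # public WAN address, but traffic exits via a different one
    else
        echo direct       # WAN address is the public address; forwarding can work
    fi
}

# Run only when both addresses are supplied on the command line.
if [ "$#" -eq 2 ]; then classify_wan "$1" "$2"; fi
```

Only the "direct" result means the port forwarding rules on the router are reachable from outside; every other result points to an upstream translation layer or a typing error.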
To link your WAN (internet) IP address to an internal device, navigate to the "Virtual Server / Port Forwarding" section in your router's configuration. You will need to map the following parameters:
Service Name | External Port | Internal Port | Internal IP Address | Protocol |
---|---|---|---|---|
HTTP | 80 | | 192.168.1.100 | TCP |
HTTPS | 443 | | 192.168.1.100 | TCP |
Game Port | 27015 | | 192.168.1.100 | BOTH |
Steam Query Port | 2214 | | 192.168.1.100 | UDP |
SFTP Port | 2215 | | 192.168.1.100 | TCP |
For optimal results, assign a static IP address to the internal device on your local network. This prevents the device's IP address from changing, which would break the port forwarding rule. To do this, go to "LAN" -> "DHCP Server" in your router's configuration and add the following mapping:
Client Name (MAC Address) | IP Address |
---|---|
00:1A:2B:3C:4D:5E | 192.168.1.100 |
This section details building Caddy with the Namecheap DNS module for Let's Encrypt wildcard certificates via DNS-01 challenges. Due to xcaddy's Go version requirement exceeding that available in standard dnf repositories, a manual Go installation is required.
After building Caddy with xcaddy and the Namecheap module, the resulting binary will replace the dnf-installed Caddy, simplifying path management.
CubeCoders AMP is a paid game server management panel. The installation process involves running a script that will ask a series of configuration questions. While Docker isn't a strict dependency of AMP itself, be sure to install Docker on the system. We'll use it later to simplify the management of game servers, especially those with complex dependencies. When prompted about HTTPS configuration, select not to install it. We'll be handling SSL/TLS certificates and reverse proxy functionality using Caddy, ensuring a single, consistent path for certificate management.
hostname -I
sudo firewall-cmd --list-all
sudo ausearch -m avc -ts recent
sudo netstat -tulnp | grep caddy
sudo nano /etc/caddy/Caddyfile
sudo nano /usr/share/caddy/darrela.dev/index.html
systemctl status caddy.service
sudo systemctl restart caddy
sudo journalctl -u caddy -f