Cloud Bastion Server#

VivumLab can optionally configure a cloud based bastion server, which will route traffic to your VivumLab instance without needing to forward ports on your home router.

This is desirable for three reasons.

  1. Less configuration - No need to configure your routers or firewalls, no port forwarding to mess with.
  2. Enhanced security - Your home IP address will not be exposed to the internet via DNS
  3. Email - Most ISPs block the ports necessary for email, this circumvents that


First you need a cloud server through a provider such as AWS or Digital Ocean.

You can use the VivumLab Terraform feature, or set it up manually.

Set any bastion config values to their correct settings. Or run vlab bastion enable to enable (interactive setup).

Run vlab deploy as usual, and VivumLab will take care of everything else.

Now point your domain name ('A' record) to your cloud server's IP address rather than your home IP address.


You can SSH port 22 on your cloud server to access the cloud server itself. Or you can SSH to port 2222 and you will be accessing the home server directly.


You can also use sshuttle to access your server via a VPN. Install sshuttle on your client then run sshuttle -r [email protected]_SERVER_DOMAIN 0/0

You can now ssh directly to or visit with a browser to access the Traefik dashboard for example.