Is there a reason you cannot accomplish this with a selfhosted VPN?
Exposing anything has risk. Risk of loss of data, your systems being used for other attacks, and loss of time/money to fix. It is entirety possible to do this as safe as practical of course- keeping your stuff up to date and having some kind of visibility into intrusion detection for immediate response are ways to minimize issues.
I’d use a VPN and give your friends the credentials for access to your server(s)
Before this post gets blasted with “just use a VPN” Yes I already have wireguard up and running but trying to get family members setup with a vpn that are technology illiterate is a nightmare
I mean, the reasons to do this cannot be understated. A VPN literally accomplishes the security and exposure issues.
It’s your network through. You can feel free to expose your ports and services to the entire internet and take the risk of zero day attacks, brute force, and credential leaks. Knowing that your family is illiterate, it sounds like they may not use best cyber security practices with your services…
So, that leaves it on you. You can either support it on the front end with a proper VPN like Wireguard, or support it on the back end with IDS, honeypots, advanced threat management, constant monitoring, mitigation, patch management, backup and restores, isolation, etc.
There are not shortcuts to proper security and exposure management. You can also pay someone, or a company to do this for you.
I do a bunch of AI stuff, but you won’t get chatgpt quality from anything else. It requires a massive amount of storage, memory and processing hardware- millions of dollars in hardware alone. Not sure what you’re trying to do exactly, but that model is insane to attempt reproduction in any part
I built a payment processor many years ago for a large bank.
Spoiler alert: you won’t be self hosting something like this. The regulatory and compliance aspect alone will financially destroy you. You’d have audits, auditors in your home, and they will fail you. You won’t be able to be in compliance and thus you won’t be allowed to process financial transactions.
You will need an intermediary, like stripe or square or similar, to accept payment. Shop around for a solution or start investing into a large education on SEC, FDIC, and PCI regulations before you even get into the technical and physical challenges of financial transaction processing. I am guessing there are quite a few additional regulations now.
Good luck
Best practice example would be a Kali VM on a testing vlan for playing all the Kali specific stuff.
This is why it’s important to have other security monitoring resources on your network if you intend to open ports or expose your services to the Internet. Also a good time to change all your passwords if you have not already.