this post was submitted on 18 May 2025
140 points (97.9% liked)

Selfhosted

46677 readers
576 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
HybridSarcasm@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
140
What's up, selfhosters? It's selfhosting Sunday again! (lemmy.nocturnal.garden)
submitted 5 days ago by tofu@lemmy.nocturnal.garden to c/selfhosted@lemmy.world
115 comments fedilink hide all child comments
 

What’s up, what’s down and what are you not sure about?

Let us know what you set up lately, what kind of problems you currently think about or are running into, what new device you added to your homelab or what interesting service or article you found.

I finally finished my first iteration of my Minilab including a very smooth migration from the old server yesterday so I can go to the service side of things again. I plan to get some kind of selfhosters VPN for external access to stuff that's not exposed to the internet, I'll have to investigate which one.

you are viewing a single comment's thread
view the rest of the comments
[–] augustus672@lemmy.world 5 points 5 days ago (5 children)

Anyone have a good guide on setting up a reverse proxy that works with tailscale? Not sure if there's anything specific I need to keep in mind or if it would just be setting up the reverse proxy like normal. Thinking of using either traefik or caddy.

[–] MangoPenguin@lemmy.blahaj.zone 4 points 5 days ago* (last edited 5 days ago)

It should be the same setup regardless if you're using a VPN or not.

Having used both I generally prefer traefik.

[–] catloaf@lemm.ee 3 points 5 days ago

You're gonna need to provide more detail on what you're trying to do

[–] sneakyninjapants@sh.itjust.works 2 points 5 days ago (1 children)

Might look into the pangolin project if what you're trying to do is expose services from your home network over wireguard to a reverse proxy on a vps.
The software suite is basically wireguard, traefik, and auth middleware wrapped in a trenchcoat. Much simpler than rolling your own implementation, but there has been recent controversy with the project over locking "basic" existing features behind a paywall after the project got popular, though after public backlash they've backpedaled on that iirc.

Edit: Just realized you said tailscale. Above recommendation might be a deal breaker depending on your reason for wanting tailscale specifically

[–] augustus672@lemmy.world 1 points 5 days ago

All good, thanks for the recommendation. I'm using tailscale as I currently don't want to expose anything over the Internet and also don't mind tailscale being a freemium service. I might still look at pangolin just to expand my knowledge.

[–] irmadlad@lemmy.world 2 points 5 days ago

You can restrict Caddy access to use your tailscale. For instance in your Caddyfile:

For tailscale ip range:

myverycoolserver.duckdns.org {
    @allowed {
        remote_ip 100.64.0.0/10  # Allow Tailscale IP range
    }
    respond @allowed 200  # Allow access
    respond 403  # Deny access for others
    reverse_proxy localhost:YOUR_SERVICE_PORT  # Your service configuration
}

For specific tailscale IP:

myverycoolserver.duckdns.org {
    @allowed {
        remote_ip YOUR_TAILSCALE_IP  # Replace with the specific Tailscale IP
    }
    respond @allowed 200  # Allow access
    respond 403  # Deny access for others
    reverse_proxy localhost:YOUR_SERVICE_PORT  # Your service configuration
}
[–] couch1potato@lemmy.dbzer0.com 1 points 5 days ago

I have caddy on a vps that serves as a tailscale exit node and also reverse proxies over the tailnet. My pfsense router is also in the tailnet and exposes some subnet ip addresses to the tailnet. So for example I have public domain watch.example.com hits my caddy and gets proxied to internal IP 192.168.31.48 which is my jellyfin docker.