Selfhosted

60210 readers

1291 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

Be civil.
No spam.
Posts are to be related to self-hosting.
Don't duplicate the full text of your blog or readme if you're providing a link.
Submission headline should match the article title.
No trolling.
Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago

MODERATORS

curbstickle@anarchist.nexus

curbstickle_lw@lemmy.world

141

What's up, selfhosters? It's selfhosting Sunday again! (lemmy.nocturnal.garden)

submitted 1 year ago by tofu@lemmy.nocturnal.garden to c/selfhosted@lemmy.world

113 comments fedilink hide all child comments

What’s up, what’s down and what are you not sure about?

Let us know what you set up lately, what kind of problems you currently think about or are running into, what new device you added to your homelab or what interesting service or article you found.

I finally finished my first iteration of my Minilab including a very smooth migration from the old server yesterday so I can go to the service side of things again. I plan to get some kind of selfhosters VPN for external access to stuff that's not exposed to the internet, I'll have to investigate which one.

you are viewing a single comment's thread
view the rest of the comments

[–] augustus672@lemmy.world 5 points 1 year ago (5 children)

Anyone have a good guide on setting up a reverse proxy that works with tailscale? Not sure if there's anything specific I need to keep in mind or if it would just be setting up the reverse proxy like normal. Thinking of using either traefik or caddy.

[–] MangoPenguin@lemmy.blahaj.zone 4 points 1 year ago* (last edited 1 year ago)

It should be the same setup regardless if you're using a VPN or not.

Having used both I generally prefer traefik.

[–] catloaf@lemm.ee 3 points 1 year ago

You're gonna need to provide more detail on what you're trying to do

[–] irmadlad@lemmy.world 2 points 1 year ago

You can restrict Caddy access to use your tailscale. For instance in your Caddyfile:

For tailscale ip range:

myverycoolserver.duckdns.org {
    @allowed {
        remote_ip 100.64.0.0/10  # Allow Tailscale IP range
    }
    respond @allowed 200  # Allow access
    respond 403  # Deny access for others
    reverse_proxy localhost:YOUR_SERVICE_PORT  # Your service configuration
}

For specific tailscale IP:

myverycoolserver.duckdns.org {
    @allowed {
        remote_ip YOUR_TAILSCALE_IP  # Replace with the specific Tailscale IP
    }
    respond @allowed 200  # Allow access
    respond 403  # Deny access for others
    reverse_proxy localhost:YOUR_SERVICE_PORT  # Your service configuration
}

[–] sneakyninjapants@sh.itjust.works 2 points 1 year ago (1 children)

Might look into the pangolin project if what you're trying to do is expose services from your home network over wireguard to a reverse proxy on a vps.
The software suite is basically wireguard, traefik, and auth middleware wrapped in a trenchcoat. Much simpler than rolling your own implementation, but there has been recent controversy with the project over locking "basic" existing features behind a paywall after the project got popular, though after public backlash they've backpedaled on that iirc.

Edit: Just realized you said tailscale. Above recommendation might be a deal breaker depending on your reason for wanting tailscale specifically

[–] augustus672@lemmy.world 1 points 1 year ago

All good, thanks for the recommendation. I'm using tailscale as I currently don't want to expose anything over the Internet and also don't mind tailscale being a freemium service. I might still look at pangolin just to expand my knowledge.

[–] couch1potato@lemmy.dbzer0.com 1 points 1 year ago

I have caddy on a vps that serves as a tailscale exit node and also reverse proxies over the tailnet. My pfsense router is also in the tailnet and exposes some subnet ip addresses to the tailnet. So for example I have public domain watch.example.com hits my caddy and gets proxied to internal IP 192.168.31.48 which is my jellyfin docker.