this post was submitted on 19 Jan 2025
77 points (94.3% liked)

Selfhosted

52506 readers
2007 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
 

I've been researching different ways to expose Docker containers to the internet. I have three services I want to expose: Jellyfin, Omnivore (Read-it-later app), and Overseerr.

I've come across lots of suggestions, like using Nginx with Cloudflared, but some people mention that streaming media goes against Cloudflared tunnel TOS, and instead recommend Tailscale, or Traefik, or setting up a WireGuard VPN, or using Nginx with a WireGuard VPN.

The amount of conflicting advice has left me confused. So, what would be the best approach to securely expose these containers?

you are viewing a single comment's thread
view the rest of the comments
[–] maplebar@lemmy.world 2 points 9 months ago

Yeah it's wireguard under the hood iirc, so you probably could put in effort in order to achieve roughly what tailscale does, if you have the knowledge and time involved in doing that. I don't think there's any secret sauce that would be impossible to someone to DIY.

I don't blame people for being skeptical, especially those of us in the Linux, FOSS, and self-hosted world. I was skeptical too, because part of the reason I wanted to self-host was to move away from a dependency on companies, and I'm weary of the mere possibility of tailscale's eventual capitalist enshittification. But after trying it, I have to admit that it's been a game changer for me.

For me personally, tailscale is just an easy out-of-the-box solution that works well for what I want it to do (give me encrypted access to my server from anywhere in the world). I'm not so good at networking that I could get anywhere near the level of convenience that tailscale affords me, and I have too many other projects that I want to do before reinventing tailscale for myself. So instead I have a small free tailnet with all of my devices (and a couple other users' devices), and it has totally changed my relationship with self-hosting and my server.

In my view, It's a pretty good deal, for now at least.