this post was submitted on 29 Jul 2024
42 points (92.0% liked)

Selfhosted

40296 readers
239 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

Hello all,

I have started experimenting again with a local server and I am facing a few issues, here is my case.

I run Debian o an old HP prebuilt without GUI. I do everything with ssh from my laptop (basic connection ssh user@addr)

I have installed docker. I have installed a few containers. I also installed portainer for easier management.

All good so far because everything is local.

I have purchased a domain with cloudflare and set up a tunnel as to avoid exposing any ports and having an easier time managing and deploying stuff.

I have set up jellyfin and vaultwarden but when I tried to install nextcloud AIO it was advised to add a local reverse proxy as to avoid many problems.

My questions are:

Is the tunnel solution appropriate for jellyfin?

I suppose it's OK for vaultwarden as there isnt much data being transfered?

Would it be better to run nginx proxy manager for everything or can I run both of the solutions?

Any general recommendations on the above and in general are appreciated!

you are viewing a single comment's thread
view the rest of the comments
[–] xantoxis@lemmy.world 4 points 3 months ago* (last edited 3 months ago) (1 children)

I haven't deployed Cloudflare but I've deployed Tailscale, which has many similarities to the CF tunnel.

  • Is the tunnel solution appropriate for Jellyfin?

I assume you're talking about speed/performance here. The overhead added by establishing the connection is mostly just once at the connection phase, and it's not much. In the case of Tailscale there's additional wireguard encryption overhead for active connections, but it remains fast enough for high-bandwidth video streams. (I download torrents over wireguard, and they download much faster than realtime.) Cloudflare's solution is only adding encryption in the form of TLS to their edge. Everything these days uses TLS, you don't have to sweat that performance-wise.

(You might want to sweat a little over the fact that cloudflare terminates TLS itself, meaning your data is transiting its network without encryption. Depending on your use case that might be okay.)

  • I suppose it’s OK for vaultwarden as there isnt much data being transfered?

Performance wise, vaultwarden won't care at all. But please note the above caveat about cloudflare and be sure you really want your vaultwarden TLS terminated by Cloudflare.

  • Would it be better to run nginx proxy manager for everything or can I run both of the solutions?

There's no conflict between the two technologies. A reverse proxy like nginx or caddy can run quite happily inside your network, fronting all of your homelab applications; this is how I do it, with caddy. Think of a reverse proxy as just a special website that branches out to every other website. With that model in mind, the tunnel is providing access to the reverse proxy, which is providing access to everything else on its own. This is what I'm doing with tailscale and caddy.

  • General recs

Consider tailscale? Especially if you're using vaultwarden from outside your home network. There are ways to set it up like cloudflare, but the usual way is to install tailscale on the devices you are going to use to access your network. Either way it's fully encrypted in transit through tailscale's network.

[–] piracysails@lemm.ee 1 points 3 months ago* (last edited 3 months ago)

Thank you for all of this, but a vpn solution won't work for me as I run a VPN all the time on all my machines.

Edit: Upon looking a little on tailscale, I might consider it, seems interesting.