this post was submitted on 21 Oct 2024
13 points (88.2% liked)

Selfhosted

40296 readers
358 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

I currently have my home services set up in a way I like, and think I understand. I have an S12 pro w/ *arr, Overseerr, Immich, paperless, etc running. The only things exposed are immich, paperless, and overseerr. This is via swag/dockerproxy over a cloudflare tunnel. This makes it so I don't have to do anything on the cloudflare end or my router to add a new service. DockerProxy picks up a new container, swag configures a reverse proxy automatically (assuming it recognizes the container, but it also supports custom configs) using the container_id as the subdomain.

I'm looking at setting up a VPS to host authentik and uptima kuma (to start - maybe ntfy in the future). What I'd like to do is have the public interface on these containers use the same cloudflare tunnel I'm currently using... or a second one, if necessary. For the interface back to my home server, I'd like to use Tailscale. I already have it running on my home server, and I expect I'll install it on my VPS. The goal here is the "public" connection uses the cloudflare tunnel, and the backend connection is over tailscale.

I've tested that I can spin up swag/dockerproxy on a second box in my lab and it will connect to cloudflare. I have not yet tested standing up a container on that box to see if the proxy works as expected.

So, questions:

  • Tailscale on VPS: container or no? Obviously, if I can't install it locally, I'll put it in a container
  • How to I configure a container to use these 2 networks? I'm fairily good on getting the cloudflare part working. The TS part is new to me, and all the documentation I've seen doesn't really cover other containers using the tailnet.
  • Am I overthinking this? If I put these services on tailnet alone, will the cloudflare tunnel... tunnel back and forth to/from clients not on tailnet?
you are viewing a single comment's thread
view the rest of the comments
[–] PunkiBas@lemmy.world 2 points 1 month ago* (last edited 1 month ago)

I'm not sure I understand what you are trying to do, since you're gonna have a vps, why not move your reverse proxy over to it and have that as the only entrypoint to your network using tailscale or wireguard for it to connect to your home services?