this post was submitted on 16 Nov 2025
24 points (90.0% liked)


Hey all, I started my self-hosting by using the script here and modifying it to suit my needs:

https://github.com/geekau/mediastack

My only question is how I get the authentik/headscale/tailscale/cloudflare pieces working as a reverse proxy.

I think I've configured cloudflare correctly since I can hit my external url and it will try to redirect to authentik, but that's really where I'm stuck.

Has anyone else used a similar stack and got it to work? Is there a guide (other than the ones used for this exact stack because they aren't good) I can use somewhere?

Edit: to be clear, I'd like to be able to access my jellyseerr and jellyfin instances from an external url at minimum, but the more I can access, the better. I have cloudflare DNS entries for the whole stack, pretty much

[–] ragingHungryPanda@piefed.keyboardvagabond.com 2 points 4 days ago (1 children)

tailscale is a vpn. you don't need cloudflare for it. you do need to set up the tailscale container with your credentials from tailscale, which they have guides for. after that, log in on your machine and click the connect toggle and you're in.

the exit node is if you want to look like you're at your host computer.

[–] kn0wmad1c@programming.dev 1 points 4 days ago* (last edited 4 days ago) (1 children)

If you look at the docker compose for the stack I'm using, cloudflare is definitely a part of it:

https://github.com/geekau/mediastack/blob/master/full-download-vpn/docker-compose.yaml

Headscale requires cloudflare, and tailscale requires Headscale. The documentation for how all of this ties together is really sparse, but I think I'm getting the 403 Forbidden from this part of the tailscale yml:

--login-server=https://headscale/.$%7BCLOUDFLARE_DNS_ZONE:?err}

Edit: Lemmy won't let me remove the / in front of the . in the url above, and it keeps url-encoding the open curly bracket for some reason. The code block markdown should be displayed as a literal, so this feels like a bug.

that's quite a long compose file.

the way that I use cloudflare is with tunnels since my ISP blocks my ports. I have cloudflared running that connects to the cloudflare tunnel, which has a map of domain name to a service name, which is how services are accessed externally.

tailscale connects to tailscale's main service and that's how I access internal systems. at least that's how I'm running it.
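
The hostname-to-service map described in the comment above, written as a locally managed cloudflared `config.yml`. This is an added example, not part of the original thread or of the mediastack project. The hostnames, the tunnel ID placeholder, the credentials path, and the container names and ports (Jellyfin's default 8096, Jellyseerr's default 5055) are assumptions.

```yaml
# Added example: cloudflared ingress rules (assumed values throughout).
# cloudflared makes an outbound connection to Cloudflare, so no inbound
# ports need to be opened on the router.
tunnel: <TUNNEL-ID>                                   # placeholder
credentials-file: /etc/cloudflared/<TUNNEL-ID>.json   # placeholder path

ingress:
  # Each rule maps a public hostname to a service reachable from the
  # cloudflared container (here, names on the same Docker network).
  - hostname: jellyfin.example.com        # assumed hostname
    service: http://jellyfin:8096         # assumed container name
  - hostname: requests.example.com        # assumed hostname
    service: http://jellyseerr:5055       # assumed container name

  # Required catch-all: the last rule must have no hostname. Returning 404
  # means only the hostnames listed above are reachable through the tunnel.
  - service: http_status:404
```

Only the services listed under `ingress` are published; anything else in the stack stays reachable only from the internal network or over the VPN.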