What’s up, what’s down and what are you not sure about?

Let us know what you set up lately, what kind of problems you currently think about or are running into, what new device you added to your homelab or what interesting service or article you found.

I finally finished my first iteration of my Minilab including a very smooth migration from the old server yesterday so I can go to the service side of things again. I plan to get some kind of selfhosters VPN for external access to stuff that’s not exposed to the internet, I’ll have to investigate which one.

  • augustus672@lemmy.world
    5 days ago

    Anyone have a good guide on setting up a reverse proxy that works with tailscale? Not sure if there’s anything specific I need to keep in mind or if it would just be setting up the reverse proxy like normal. Thinking of using either traefik or caddy.

    • catloaf@lemm.ee
      5 days ago

      You’re gonna need to provide more detail on what you’re trying to do

    • sneakyninjapants@sh.itjust.works
      5 days ago

      Might look into the pangolin project if what you’re trying to do is expose services from your home network over wireguard to a reverse proxy on a vps.
      The software suite is basically wireguard, traefik, and auth middleware wrapped in a trenchcoat. Much simpler than rolling your own implementation, but there has been recent controversy with the project over locking “basic” existing features behind a paywall after the project got popular, though after public backlash they’ve backpedaled on that iirc.

      Edit: Just realized you said tailscale. Above recommendation might be a deal breaker depending on your reason for wanting tailscale specifically

      • augustus672@lemmy.world
        5 days ago

        All good, thanks for the recommendation. I’m using tailscale as I currently don’t want to expose anything over the Internet and also don’t mind tailscale being a freemium service. I might still look at pangolin just to expand my knowledge.

    • irmadlad@lemmy.world
      5 days ago

      You can restrict Caddy access to use your tailscale. For instance in your Caddyfile:

      For tailscale ip range:

      myverycoolserver.duckdns.org {
          @allowed {
              remote_ip 100.64.0.0/10  # Allow Tailscale IP range
          }
          handle @allowed {
              reverse_proxy localhost:YOUR_SERVICE_PORT  # Your service configuration
          }
          handle {
              respond 403  # Deny access for others
          }
      }
      

      For specific tailscale IP:

      myverycoolserver.duckdns.org {
          @allowed {
              remote_ip YOUR_TAILSCALE_IP  # Replace with the specific Tailscale IP
          }
          handle @allowed {
              reverse_proxy localhost:YOUR_SERVICE_PORT  # Your service configuration
          }
          handle {
              respond 403  # Deny access for others
          }
      }
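
One way to check from Caddy's access log that a rule like the ones above holds, as an added example that is not part of the comment or of Caddy itself: it flags requests from outside 100.64.0.0/10 that received anything other than 403. The log lines are constructed and trimmed to the `request.remote_ip`, `request.uri` and `status` fields of Caddy's JSON access log; `is_allowed` and `audit` are names made up here.

```python
import ipaddress
import json

# Range from the Caddyfile above; add a single /32 here to audit the per-IP variant.
ALLOWED_NETS = [ipaddress.ip_network("100.64.0.0/10")]

# Constructed sample lines shaped like Caddy's JSON access log (fields trimmed).
SAMPLE_LOG = """\
{"request":{"remote_ip":"100.101.102.103","uri":"/"},"status":200}
{"request":{"remote_ip":"203.0.113.7","uri":"/"},"status":403}
{"request":{"remote_ip":"198.51.100.24","uri":"/admin"},"status":200}
{"request":{"remote_ip":"100.128.0.1","uri":"/"},"status":200}
not json at all
{"request":{"remote_ip":"fd7a:115c:a1e0::1","uri":"/"},"status":403}
"""

def is_allowed(ip_text):
    """True if ip_text parses as an IP address inside one of ALLOWED_NETS."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in ALLOWED_NETS)

def audit(log_text, deny_status=403):
    """Return (leaks, unparsed): requests served to peers outside the
    allowed range, and the numbers of lines that could not be read."""
    leaks, unparsed = [], []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            entry = json.loads(line)
            # remote_ip is the direct TCP peer, the same value the matcher sees.
            peer = entry["request"]["remote_ip"]
            status = int(entry["status"])
        except (ValueError, KeyError, TypeError):
            unparsed.append(lineno)  # never count an unreadable line as clean
            continue
        if status != deny_status and not is_allowed(peer):
            leaks.append((lineno, peer, status, entry["request"].get("uri", "")))
    return leaks, unparsed

if __name__ == "__main__":
    leaks, unparsed = audit(SAMPLE_LOG)
    for lineno, peer, status, uri in leaks:
        print(f"line {lineno}: {peer} got {status} for {uri}")
    print(f"unparsed lines: {unparsed}")
```

If another proxy sits in front of Caddy, every entry carries that proxy's address as `remote_ip`, so the audit then only tells you about the proxy and not about the real clients.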
      
    • couch1potato@lemmy.dbzer0.com
      5 days ago

      I have caddy on a vps that serves as a tailscale exit node and also reverse proxies over the tailnet. My pfsense router is also in the tailnet and exposes some subnet ip addresses to the tailnet. So for example I have public domain watch.example.com hits my caddy and gets proxied to internal IP 192.168.31.48 which is my jellyfin docker.