submitted 6 months ago* (last edited 6 months ago) by Mir@programming.dev to c/selfhosted@lemmy.world

I spent all day today trying to get the routing to work correctly between Tailscale, Nginx and AdGuard.

Basically I wanted to be able to use **http://immich.network** to route to 192.168.1.2:9000

I wanted to share the steps I took so people don't have to go through what I did.

First, a few things. Local server IP: 192.168.1.2

  1. I installed Nginx and AdGuard in Docker containers, and gave AdGuard IPs 3000, 3001 instead of 80 and 443 because Nginx took them.
  2. I went to my router and made it use the DNS: 192.168.1.2
  3. I configured a Proxy Host in Nginx: immich.network => 192.168.1.2:9000
  4. I configured a DNS rewrite in AdGuard: *.network => 192.168.1.2

At this point I was finally able to use http://immich.network. I installed Tailscale to be able to access it when I'm outside, but http://immich.network didn't work.

These helped me https://tailscale.com/kb/1019/subnets + https://tailscale.com/kb/1054/dns?q=global+nameserver

  1. I created a subnet: tailscale up --advertise-routes=192.168.1.0/24
  2. I approved it on the Tailscale login

At this point I was able to access the home server using its local IP 192.168.1.2, but I couldn't get http://immich.network to work.

  1. I created a nameserver DNS with split DNS, but I used my local IP: 192.168.1.2 => network

Finally, everything is working. I have a feeling that I'm doing it wrong, but I'm too tired and it's finally working.
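
The whole chain from the post above, as an added example (not the poster's own config; they used the Nginx Proxy Manager and AdGuard GUIs). It assumes the values from the post: LAN server 192.168.1.2, Immich on port 9000, nginx on port 80, hostname immich.network. The functions only render the config and the commands, so the result can be read before anything is applied; the AdGuardHome.yaml key path is an assumption for recent versions, and the IP-forwarding sysctl and `--accept-routes` step come from the Tailscale subnet-router guide linked in the post.

```shell
#!/bin/sh
# Added example, not part of the post: the same chain as a reviewable script.
# Assumptions (from the post): LAN server 192.168.1.2, Immich on :9000, nginx on :80,
# hostname immich.network. Functions render config and commands; nothing is applied.
set -eu

LAN_SERVER="192.168.1.2"
LAN_CIDR="192.168.1.0/24"
SERVICE_HOST="immich.network"
SERVICE_UPSTREAM="192.168.1.2:9000"

# Plain-nginx equivalent of the "Proxy Host" the OP created in the GUI.
# The X-Forwarded-* headers let Immich log real client IPs; Upgrade/Connection
# are needed because Immich uses websockets; client_max_body_size 0 lifts
# nginx's 1 MB default so photo and video uploads are not rejected.
render_nginx_site() {
  host="$1"; upstream="$2"
  cat <<EOF
server {
    listen 80;
    server_name ${host};

    location / {
        proxy_pass http://${upstream};
        proxy_http_version 1.1;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
        proxy_set_header Upgrade \$http_upgrade;
        proxy_set_header Connection "upgrade";
        client_max_body_size 0;
    }
}
EOF
}

# The AdGuard rewrite (Filters -> DNS rewrites in the GUI). The YAML key path
# is an assumption for recent AdGuardHome.yaml releases; older ones keep
# rewrites under "dns:" instead of "filtering:".
render_adguard_rewrite() {
  pattern="$1"; answer="$2"
  printf 'filtering:\n  rewrites:\n    - domain: "%s"\n      answer: %s\n' "$pattern" "$answer"
}

# Subnet-router steps for the LAN server, emitted rather than executed.
render_subnet_router_steps() {
  cidr="$1"
  cat <<EOF
# Linux will not forward packets for tailnet peers until forwarding is enabled.
printf 'net.ipv4.ip_forward = 1\nnet.ipv6.conf.all.forwarding = 1\n' | sudo tee /etc/sysctl.d/99-tailscale.conf
sudo sysctl -p /etc/sysctl.d/99-tailscale.conf
# Advertise the LAN, then approve the route in the Tailscale admin console.
sudo tailscale up --advertise-routes=${cidr}
# On each Linux client that should reach the LAN (routes are not accepted by default there):
sudo tailscale up --accept-routes
# Split DNS (admin console, DNS page): nameserver ${LAN_SERVER} restricted to the
# domain "network", so only *.network lookups from tailnet devices go to AdGuard.
EOF
}

# Print everything for review.
render_nginx_site "$SERVICE_HOST" "$SERVICE_UPSTREAM"
render_adguard_rewrite "*.network" "$LAN_SERVER"
render_subnet_router_steps "$LAN_CIDR"
```

One thing worth knowing when copying the name: `.network` is a delegated public gTLD, so the split-DNS rule sends every lookup under it to the home AdGuard, and the `*.network` rewrite answers all of them with 192.168.1.2, including any real public name under that TLD.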

[-] rhymepurple@lemmy.ml 24 points 6 months ago

Congrats on getting everything working - it looks great!

One piece of (unprovoked, potentially unwanted) advice is to set up SSL. I know you're running your services behind Wireguard so there isn't too much of a security concern running your services on HTTP. However, as the number of your services or users (family, friends, etc.) increases, you're more likely to run into issues with services not running on HTTPS.

The creation and renewal of SSL certificates can be done for free (assuming you have a domain name already) and automatically with certain reverse proxy services like NGINXProxyManager or Traefik, which can both be run in Docker. If you set everything up with a wildcard certificate via DNS challenge, you can still keep the services you run hidden from people scanning DNS records on your domain (i.e. people won't know that an SSL certificate was issued for immich.your.domain). How you set up the DNS challenge will vary by the DNS provider and reverse proxy service, but the only additional thing that you will likely need to set up a wildcard challenge, regardless of which services you use, is an email address (again, assuming you have a domain name).
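
The wildcard-via-DNS-challenge setup from the comment above, as an added example that is not the commenter's or the poster's own config. It assumes a placeholder domain example.com whose DNS is hosted at Cloudflare (certbot's `--dns-cloudflare` plugin is used as the example; any provider with a certbot DNS plugin works the same way), certbot installed on the LAN server, and plain nginx as the reverse proxy. Issuing one certificate for `*.example.com` and `example.com` means Certificate Transparency logs show only those two names, never immich.example.com; the check function confirms that from the certificate itself.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes: placeholder domain example.com,
# DNS at Cloudflare (certbot-dns-cloudflare plugin installed), certbot and nginx
# on the LAN server. Only the render/check functions run offline.
set -eu

DOMAIN="example.com"

# One wildcard certificate via a DNS-01 challenge. The credentials file should
# hold an API token limited to DNS edits on this zone, nothing broader.
issue_wildcard_cert() {
  domain="$1"; email="$2"
  certbot certonly \
    --dns-cloudflare \
    --dns-cloudflare-credentials /root/.secrets/cloudflare.ini \
    -d "*.${domain}" -d "${domain}" \
    -m "${email}" --agree-tos --non-interactive
}

# List the DNS names in a PEM certificate (OpenSSL 1.1.1+ for -ext).
cert_sans() {
  openssl x509 -in "$1" -noout -ext subjectAltName | grep -o 'DNS:[^, ]*' | sed 's/^DNS://'
}

# Return 0 if a SAN list holds only the apex and the wildcard. Any other name is
# a service hostname that public certificate logs would reveal.
check_sans_private() {
  domain="$1"; shift
  leaked=""
  for name in "$@"; do
    case "$name" in
      "$domain"|"*.${domain}") ;;
      *) leaked="${leaked} ${name}" ;;
    esac
  done
  if [ -z "$leaked" ]; then
    return 0
  fi
  printf 'hostnames exposed in certificate:%s\n' "$leaked" >&2
  return 1
}

# nginx site for one service behind the wildcard cert, HTTP redirected to HTTPS.
# The websocket and forwarding headers are what Immich needs behind a proxy.
render_tls_site() {
  host="$1"; upstream="$2"; domain="$3"
  cat <<EOF
server {
    listen 80;
    server_name ${host};
    return 301 https://\$host\$request_uri;
}
server {
    listen 443 ssl;
    server_name ${host};
    ssl_certificate     /etc/letsencrypt/live/${domain}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/${domain}/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://${upstream};
        proxy_http_version 1.1;
        proxy_set_header Host \$host;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
        proxy_set_header Upgrade \$http_upgrade;
        proxy_set_header Connection "upgrade";
        client_max_body_size 0;
    }
}
EOF
}

# Usage on the server (not run here):
#   issue_wildcard_cert "$DOMAIN" "admin@$DOMAIN"
#   check_sans_private "$DOMAIN" $(cert_sans "/etc/letsencrypt/live/$DOMAIN/fullchain.pem")
#   render_tls_site "immich.$DOMAIN" 192.168.1.2:9000 "$DOMAIN" > /etc/nginx/conf.d/immich.conf
```

Certbot's DNS plugins also handle renewal, so once `issue_wildcard_cert` has run, the standard certbot timer keeps the wildcard current and every new service only needs another `render_tls_site` block pointing at the same certificate files.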

[-] Mir@programming.dev 11 points 6 months ago* (last edited 6 months ago)

Thank you for the much-wanted advice; it's one of the reasons I actually posted this, to get advice on how to do things better.

I've been trying to do that for a specific service I'm running (firefly) but I can't figure out what to do exactly. About the domain name, is there a way to do that without one?

[-] SirBoostALot@hear-me.social 0 points 6 months ago

@Mir @rhymepurple Another place you can get free domain names is freedns.afraid.org - they have been around nearly forever, and all you have to do is log into their site and go to any page once every six months (I guess so they know you are still alive), but they will email you a notice a couple of weeks before that time is up. And at least for me they have always been very reliable.

[-] Mir@programming.dev 1 points 6 months ago* (last edited 6 months ago)

Thank you, I might try them, because the DuckDNS domain is flagged by the browser for some reason and it's worse than no HTTPS warning.

this post was submitted on 28 Apr 2024
283 points (100.0% liked)