Comment

Comment on What's up, selfhosters? It's selfhosting Sunday again!

augustus672@lemmy.world ⁨10⁩ ⁨months⁩ ago

Anyone have a good guide on setting up a reverse proxy that works with tailscale? Not sure if there’s anything specific I need to keep in mind or if it would just be setting up the reverse proxy like normal. Thinking of using either traefik or caddy.

source

Sort:hotnew top

couch1potato@lemmy.dbzer0.com ⁨10⁩ ⁨months⁩ ago
I have caddy on a vps that serves as a tailscale exit node and also reverse proxies over the tailnet. My pfsense router is also in the tailnet and exposes some subnet ip addresses to the tailnet. So for example I have public domain watch.example.com hits my caddy and gets proxied to internal IP 192.168.31.48 which is my jellyfin docker.

source
sneakyninjapants@sh.itjust.works ⁨10⁩ ⁨months⁩ ago
Might look into the pangolin project if what you’re trying to do is expose services from your home network over wireguard to a reverse proxy on a vps.
The software suite is basically wireguard, traefik, and auth middleware wrapped in a trenchcoat. Much simpler than rolling your own implementation, but there has been recent controversy with the project over locking “basic” existing features behind a paywall after the project got popular, though after public backlash they’ve backpedaled on that iirc.

Edit: Just realized you said tailscale. Above recommendation might be a deal breaker depending on your reason for wanting tailscale specifically

source
- augustus672@lemmy.world ⁨10⁩ ⁨months⁩ ago
  All good, thanks for the recommendation. I’m using tailscale as I currently don’t want to expose anything over the Internet and also don’t mind tailscale being a freemium service. I might still look at pangolin just to expand my knowledge.
  
  source

irmadlad@lemmy.world ⁨10⁩ ⁨months⁩ ago

You can restrict Caddy access to use your tailscale. For instance in your Caddyfile:

For tailscale ip range:

myverycoolserver.duckdns.org {
    @allowed {
        remote_ip 100.64.0.0/10  # Allow Tailscale IP range
    }
    respond @allowed 200  # Allow access
    respond 403  # Deny access for others
    reverse_proxy localhost:YOUR_SERVICE_PORT  # Your service configuration
}

For specific tailscale IP:

myverycoolserver.duckdns.org {
    @allowed {
        remote_ip YOUR_TAILSCALE_IP  # Replace with the specific Tailscale IP
    }
    respond @allowed 200  # Allow access
    respond 403  # Deny access for others
    reverse_proxy localhost:YOUR_SERVICE_PORT  # Your service configuration
}

source

MangoPenguin@lemmy.blahaj.zone ⁨10⁩ ⁨months⁩ ago
It should be the same setup regardless if you’re using a VPN or not.

source
catloaf@lemm.ee ⁨10⁩ ⁨months⁩ ago
You’re gonna need to provide more detail on what you’re trying to do

source