Comment on Replacing Cloudflare Tunnels with Tailscale?
Dave811@lemmy.today 11 months ago
So my post was the one to get rid of the Cloudflare tunnel.
Basically I set up a Tailscale Docker on my home server and connected it with a one-time key from Tailscale. There I exposed my local network. (Perhaps secure that only to your homeserver IP.)
Then I set up a Debian server which hosts a lot of other stuff. But there I also installed Tailscale and connected it to my account.
After this, the most important part! I wasted hours to find this line of code: sudo tailscale up --accept-routes
With that you allow the external server to accept routes. Otherwise you can’t redirect to your homeserver.
The next step I took was to install nginx and set up a reverse proxy to my Traefik Docker on my home network.
Here I routed the domain with every subdomain (*.your.domain) to my homeserver.
My homeserver took care of the HTTPS certificate, so my nginx server only redirects Traefik from port 80.
I can share my configs later, but I have a little problem with large Nextcloud uploads. And I don’t have the previously working nginx config anymore… So I need to dig a bit further again.
Ask me questions, but I can only answer them in about 7h. Hope my late night writing makes sense.
node815@lemmy.world 11 months ago
Nice! So, using the --accept-routes part, does that allow you to use a CNAME record to your funnel’s address (machine.tailscale-id.ts.net) ? I tried to do this and it failed to resolve for reasons of too many redirects.
Dave811@lemmy.today 11 months ago
I didn’t try that, I use the static local IPv4 address of my network. Like http(s)://192.168.1.3:443
node815@lemmy.world 11 months ago
Gotcha, so normal means of exposing services via reverse proxy. :)
Dave811@lemmy.today 11 months ago
To be clear, I ran that on my reverse proxy server. In the Tailscale dashboard you also need to enable the subnet.
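One possible shape for the external server's nginx config described in this thread, as an added example (not Dave811's actual config, which the thread does not include). It assumes Traefik on the home server is reachable at 192.168.1.3 over the accepted Tailscale route and terminates TLS itself, that `your.domain` is a placeholder, and that the nginx stream module is installed (on Debian, the `libnginx-mod-stream` package).

```nginx
# /etc/nginx/nginx.conf on the external (Debian) server -- added example.
# Prerequisites from the thread: `sudo tailscale up --accept-routes` on this
# host, and the subnet route enabled in the Tailscale dashboard.

include /etc/nginx/modules-enabled/*.conf;   # Debian path; loads the stream module

events {}

# Port 443: pass the TLS connection through untouched, so the certificate and
# private key stay on the home server and this host never sees plaintext.
stream {
    server {
        listen 443;
        proxy_pass 192.168.1.3:443;    # assumed home server LAN address
        proxy_connect_timeout 10s;     # fail fast if the Tailscale route is down
        proxy_timeout 1h;              # close only after 1h with no traffic
    }
}

# Port 80: plain HTTP for the domain and every subdomain, forwarded to
# Traefik's port 80 on the home server.
http {
    server {
        listen 80;
        server_name your.domain *.your.domain;

        # nginx rejects request bodies over 1m by default; 0 disables that
        # check on this hop and leaves any size limit to the home server.
        client_max_body_size 0;
        proxy_request_buffering off;   # stream uploads instead of spooling to disk

        location / {
            proxy_pass http://192.168.1.3:80;
            proxy_set_header Host $host;   # Traefik routes on the Host header
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}
```

Advertising only the home server's address (192.168.1.3/32) instead of the whole LAN from the home Tailscale node keeps the external server from reaching anything else on the network, which is the restriction the first comment suggests.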