No more Cloudflare Tunnels for me…
Raid Owl
Try American Cloud ($10 w/ my link) –
Tailscale –
Nginx Proxy Manager –
Lol, those VPS prices are insane nowadays. You can get dedicated servers with RAID 1 for that money, wtf.
I've been using this exact setup for a few years. Well, not this exact setup…. Just using Namecheap for name server management and using Oracle Cloud because it's free.
Was actually going to do a video about it until you stole my thunder! Thanks for that 😂 Still might to cover the couple points you missed 🤔
Thanks for showcasing it, though! Definitely a cool way to go!
Depending on the use case, both Cloudflare Tunnel and Tailscale are viable options. Cloudflare is nice for simple sites like Overseerr or Home Assistant, but I would definitely use Tailscale for services like Jellyfin and Plex!
Nah. Why give a third party all possible access to your traffic? Just use raw WireGuard.
Tailscale is such a killer solution. We have the enterprise license for work and it eliminated so many time consuming tasks. At home it's running on my Apple TV acting as a subnet router – probably the most set-and-forget and low power solution out there.
In my experience, switching from IPv4 to IPv6 solved the CGNAT issue. Plus, using the Cloudflare proxy in DNS records provides protection as well as IPv4 access.
Been doing exactly this for a few months except for one little thing that makes a huge difference:
I'm using the Tailscale IPs in Nginx Proxy Manager. That way they're protected by my ACLs in Tailscale, so my stuff is only accessible from within my tailnet, with 0 ports open to the Internet.
Also, using a $5 Linode on Akamai, and it is more than enough. Haven't hit any data caps on the VPS, even while accessing my Linux ISOs.
You could also use Tailscale Serve and Docker to eliminate NPM altogether.
Why is the VPS necessary? Why not just access Tailscale containers directly? If you enable Tailscale's MagicDNS you get a fully qualified domain name by which machines/services can be accessed privately over your tailnet. If you need to share those machines/services with others, Tailscale lets you share devices on your tailnet with other Tailscale users. If they are not a Tailscale user, and you still want to share with them, you can make the device available publicly via Tailscale Funnel. So what am I missing here? Why the need for the VPS?
Why all of this when you can just use Tailscale?
Funny thing, I had a similar idea some months ago, where I ran a WireGuard server on my end and connected it to a VPS the same way, just with a WireGuard client and Nginx Proxy Manager on the VPS itself. It was really just a test; I do have a static IP, but it was fun to try out, and only having one port exposed was kind of a benefit. I'll have to try it again some time later.
No headscale?
I've gotten around a shared external IPv4 by using the IPv6 address, which was unique, and then doing a NAT from the IPv4 of my external server to the IPv6 of my home system.
Please note that you need to disable Cloudflare proxying (make the cloud gray) for it to actually comply with ToS when using high bandwidth apps
This was a good evolution – reverse proxy over WireGuard to Nginx from Apache works well – fairly basic after you wrap your brain around it.
Get Out of my head! I had the same plan to build this on my Weekend 😂
If I am correct, this can be done without cloudflare? As long as your domain name provider has their own DNS? Or is cloudflare an integral part of this?
Been using tailscale within my lab for a bit over a year. Solid bit of kit.
I was about to get into this rabbit hole until Ubiquiti announced Site Magic (needs Ubiquiti consoles and one public IP to work). Working well for 6 months now.
Every time I hear the tic tac commercial I think about my wife thinking about me
NEVER EVER leave an Nginx Proxy Manager web ui open to the internet, it is not meant to be a secure service that can receive internet traffic.
Just use rathole, much faster and won't need tailscale
I'm a bit confused. Was the issue with Cloudflare Tunnels the limitations on video streaming, or privacy? Because right now, with this, aren't you just trusting a different company like American Cloud with access to your Tailscale VPN that comes directly into your home? You are basically just trusting American Cloud instead of Cloudflare, and by that logic a lot more, as Cloudflare can see only what's being shared on that tunnel.
Color me weird, I just use nginx locally on my server (not docker), then just use tailscale to connect to nginx which does all the traffic routing for me.
Nice and lightweight, uses less than 100kb of memory.
No need for any of this port or monthly cost stuff. Either host the DNS server yourself or add the IP from Tailscale to Cloudflare for your services. (The IP should be the VM or LXC you have both Tailscale and NPM/Traefik installed on.) Only devices approved on your tailnet can access the services. Nothing's 'exposed', and even publicly posting your IP makes no difference, as no one can access it unless I approve your device beforehand. 🙂
That is basically what I used last year to allow my parents to watch Jellyfin while I was hosting it on my university campus dorm Wi-Fi on my Windows desktop; I was even able to get Minecraft tunneled. Speed isn't so great, but that's because my dorm throttles the connection at 30 Mbps, so transcoding is a necessity. I used Oracle Cloud, which is completely free. Now, since my parents upgraded to internet with faster upload, I just permanently set up my hard drives and servers at home and I don't use this anymore. Still a good trick for bypassing CGNAT or internet restrictions.
For my Jellyfin server I set up an SSH tunnel to an Oracle Cloud instance via a cobbled-together autossh Docker service. I'm pretty proud of it, and I learned how to make Docker containers in the process.
This setup looks a lot cleaner though.
Didn't quite catch why this over Cloudflare Tunnels? CF Tunnels have functions like geoblocking, WAF, SSO, etc. Does Tailscale? Or why this instead of a WireGuard tunnel?
Why did you choose proxied for the Cloudflare DNS?
Can't this be done by simply using SSH reverse tunneling instead of Tailscale?
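The two comments above (the autossh-in-Docker setup and the "why not SSH reverse tunneling?" question) both point at the same mechanism, so here is an added example of it written the way a defender would want it, not code from the video, from Raid Owl, or from any commenter. The hostname vps.example.com, the "tunnel" account, Jellyfin on port 8096 at home and the VPS-side port 18096 are constructed assumptions. The points it makes that the comments do not: pin the forwarded port to the VPS's loopback so only the VPS's own reverse proxy can reach it, confine the SSH key on the VPS to that single listener with `restrict` and `permitlisten` (OpenSSH 7.8+ authorized_keys options), fail fast when the bind is refused, and check the VPS's sshd_config for the two settings that would undo all of that.

```shell
# Added example, not from the video or from any commenter: a CGNAT-proof SSH reverse
# tunnel from the home box to a VPS, with the forwarded port pinned to the VPS's loopback
# so only the VPS's own reverse proxy can reach it, and the VPS-side key confined to that
# one listener. Constructed assumptions: VPS vps.example.com, tunnel account "tunnel",
# Jellyfin on 8096 at home, VPS-side port 18096.
set -eu

# Client side (home): the autossh command line. -M 0 delegates liveness to ssh's own
# keepalives; ExitOnForwardFailure makes a refused -R bind fatal so autossh restarts
# instead of sitting in a half-working state; the -R bind address 127.0.0.1 keeps the
# port off the VPS's public interface regardless of sshd's GatewayPorts setting.
reverse_tunnel_cmd() {  # reverse_tunnel_cmd USER HOST VPS_PORT HOME_PORT
  printf 'autossh -M 0 -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -o StrictHostKeyChecking=yes -R 127.0.0.1:%s:127.0.0.1:%s %s@%s' "$3" "$4" "$1" "$2"
}

# Server side (VPS) authorized_keys entry: "restrict" turns off everything (pty, agent,
# X11, all forwarding); port-forwarding is then re-enabled and permitlisten limits the
# key to the single reverse listener it needs.
authorized_keys_line() {  # authorized_keys_line VPS_PORT PUBKEY
  printf 'restrict,port-forwarding,permitlisten="127.0.0.1:%s" %s' "$1" "$2"
}

# Audit an sshd_config fed on stdin for the two settings that undo the above:
# GatewayPorts yes (remote binds reach 0.0.0.0) and PasswordAuthentication yes.
# Prints one line per finding and returns 1 if there were any.
audit_sshd_config() {
  local findings=0 line key val
  while IFS= read -r line; do
    case "$line" in ''|'#'*) continue ;; esac
    key=$(printf '%s\n' "$line" | awk '{print tolower($1)}')
    val=$(printf '%s\n' "$line" | awk '{print tolower($2)}')
    case "$key" in
      gatewayports)
        if [ "$val" = yes ]; then
          echo "GatewayPorts yes: -R listeners become public"; findings=$((findings + 1))
        fi ;;
      passwordauthentication)
        if [ "$val" = yes ]; then
          echo "PasswordAuthentication yes: tunnel account should be key-only"; findings=$((findings + 1))
        fi ;;
    esac
  done
  [ "$findings" -eq 0 ]
}

# systemd unit for the home side so the tunnel comes back after reboots and drops.
render_systemd_unit() {  # render_systemd_unit USER HOST VPS_PORT HOME_PORT
  cat <<EOF
[Unit]
Description=Reverse SSH tunnel to $2
After=network-online.target
Wants=network-online.target

[Service]
User=$1
Environment=AUTOSSH_GATETIME=0
ExecStart=/usr/bin/$(reverse_tunnel_cmd "$1" "$2" "$3" "$4")
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target
EOF
}

main() {
  echo "# home side:"; reverse_tunnel_cmd tunnel vps.example.com 18096 8096; echo
  echo "# VPS ~tunnel/.ssh/authorized_keys:"
  authorized_keys_line 18096 'ssh-ed25519 AAAA...constructed-placeholder'; echo
  echo "# VPS sshd_config audit (constructed sample):"
  printf 'Port 22\nGatewayPorts no\nPasswordAuthentication no\n' | audit_sshd_config && echo "ok: nothing to fix"
  echo "# home side systemd unit:"
  render_systemd_unit tunnel vps.example.com 18096 8096
}
main
```

With this, the VPS's nginx proxies to 127.0.0.1:18096 and the only thing listening on the public interface is sshd itself; a leaked tunnel key can open that one listener and nothing else.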
Using NetBird instead of Tailscale because it is completely open source and can be completely self-hosted. I'm still thinking about how I can make it so that the Nginx Proxy Manager web interface (port 81) can only be accessed via the private tunnel and not via the Internet. Shouldn't really be a problem. This would mean that it would no longer be a tragedy that Nginx does not support MFA.
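Three comments in this thread describe the same control from different angles: the "Tailscale IPs in Nginx Proxy Manager, 0 ports open" setup, the WireGuard-client-plus-NPM-on-the-VPS variant, and the question just above about keeping NPM's port 81 reachable only through the tunnel. The added example below, which is not code from the video, from Raid Owl, or from any commenter, renders that control as config: the proxy on the VPS listens only on its tunnel address, allow-lists only the tunnel range, and reaches the home box over the tunnel too, and NPM's admin UI is published on the tunnel address rather than 0.0.0.0. The addresses (VPS 100.64.0.5, home box 100.101.102.103), the jellyfin.example.com hostname and the Jellyfin port are constructed assumptions; Tailscale's 100.64.0.0/10 range is its documented one, and 10.8.0.0/24 is an assumed subnet for the plain-WireGuard variant.

```shell
# Added example, not from the video or from any commenter: keep the reverse proxy on the
# VPS reachable only over the tunnel, both the proxied service and the Nginx Proxy
# Manager admin UI (port 81). Constructed assumptions: the VPS's tunnel address is
# 100.64.0.5, the home box's is 100.101.102.103 with Jellyfin on 8096, Tailscale hands out
# addresses from 100.64.0.0/10, and a plain WireGuard variant uses 10.8.0.0/24.
set -eu

# Dotted-quad IPv4 -> integer, pure shell arithmetic (no external tools needed).
ip_to_int() {
  local IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP CIDR -> exit 0 when IP lies inside CIDR.
in_cidr() {
  local ip=$1 net=${2%/*} bits=${2#*/} mask
  mask=$(( bits == 0 ? 0 : (4294967295 << (32 - bits)) & 4294967295 ))
  [ $(( $(ip_to_int "$ip") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# Render an nginx server block that only answers on the tunnel and forwards over the tunnel.
# Refuses to render if either address is outside the tunnel range, so a typo cannot
# silently produce a vhost bound to the public NIC.
render_site() {  # render_site NAME LISTEN_TUNNEL_IP TUNNEL_CIDR UPSTREAM_TUNNEL_IP UPSTREAM_PORT
  local name=$1 listen_ip=$2 cidr=$3 upstream_ip=$4 upstream_port=$5
  in_cidr "$listen_ip" "$cidr" || { echo "refusing: listen address $listen_ip is outside $cidr" >&2; return 1; }
  in_cidr "$upstream_ip" "$cidr" || { echo "refusing: upstream $upstream_ip is outside $cidr" >&2; return 1; }
  cat <<EOF
server {
    # bound to the VPS's tunnel address only: the public interface never serves this vhost
    listen ${listen_ip}:443 ssl;
    server_name ${name};
    # ssl_certificate / ssl_certificate_key lines (from NPM or certbot) go here, omitted
    # second layer: even if the listen line is later widened, only tunnel peers pass
    allow ${cidr};
    deny all;
    location / {
        # the upstream is reached over the tunnel too, so nothing travels in the clear
        proxy_pass http://${upstream_ip}:${upstream_port};
        proxy_set_header Host \$host;
        proxy_set_header X-Forwarded-For \$remote_addr;
    }
}
EOF
}

# NPM runs in Docker; publish its admin UI on the tunnel address instead of 0.0.0.0.
npm_admin_port_mapping() {  # npm_admin_port_mapping TUNNEL_IP TUNNEL_CIDR -> docker "ports:" entry
  in_cidr "$1" "$2" || { echo "refusing: $1 is outside $2" >&2; return 1; }
  echo "$1:81:81"
}

main() {
  echo "# nginx vhost, Tailscale variant:"
  render_site jellyfin.example.com 100.64.0.5 100.64.0.0/10 100.101.102.103 8096
  echo "# docker-compose 'ports:' entry for the NPM admin UI (tunnel address only):"
  echo "  - \"$(npm_admin_port_mapping 100.64.0.5 100.64.0.0/10)\""
  echo "# same thing for a plain WireGuard subnet:"
  render_site jellyfin.example.com 10.8.0.1 10.8.0.0/24 10.8.0.2 8096
}
main
```

The `listen` on the tunnel address and the `allow`/`deny` pair are deliberately redundant: the first keeps the vhost off the public interface, the second keeps it tunnel-only even if someone later changes the listen line to `443`. For NPM specifically, the `ports:` entry is the only thing that decides whether port 81 faces the Internet; an allow-list inside NPM does not protect its own admin UI.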
Gotta love that old CGNAT.
If we knew what it stood for. Cheers
Hey Brett (small squeaky voice/head), if you are already using a VPS, why don't you run your own Headscale server on it? Then you don't even need a Tailscale account.
As shown in the video "American Cloud" wants $43/month for this VPS, while any $5/month box from DigitalOcean, Linode or Vultr would do just fine for the task. I get it that you had or still have a sponsorship deal from them, but they are really, really mediocre in their space and their offers are not attractive. Agreeing on sponsorship to promote a mediocre product is nothing to be proud of.
If you put it at a friend’s house, would your media have to pass through their home to serve, and thus be limited by their upstream bandwidth? I have decent upstream but have cgnat. My parents do not, but have a public ip.
Great video! This is something that I want to look into for work so it is good timing.
You do know you can use an IP and ditch Cloudflare if you don't want to expose your services to the internet, right? For me, I don't think I will open my TrueNAS to the world 😂
Very applicable for me.
I just have a pigeon carry a USB stick to the server. A bit of a hassle to set up, but at least I don't have to deal with CGNAT!