
pheeney | 2 years ago

Do you have any recommendations for tutorials on setting this all up with docker?

How do you connect outside the network?

I am running DDNS to access my home services and it has been very error-prone and frustrating. I moved some services back to the cloud because the bots were using all my DSL upload, so we didn't have enough bandwidth to work even with Cloudflare firewalls.


ecliptik|2 years ago

I have an artisanal handcrafted docker-compose stack for them, so everything is containerized. It's on my todo to write a blog post about the setup.

There's an nginx reverse-proxy container in the stack that routes traffic to the individual service containers via the servername; e.g. nitter.tail.net goes to the nitter container, teddit.tail.net goes to the teddit container, etc.

The nginx proxy only listens on the Tailnet interface and only accepts connections from the Tailnet CIDR, therefore any device I have on my tailnet can access them. Let's Encrypt is also set up so everything is over HTTPS.

This allows me to access them from my phone, laptop, whatever when connected using Tailscale.

Tailscale essentially let me completely remove any need for port forwarding on my router and still have global access. It's truly amazing.
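The bind-plus-allowlist arrangement described in the comment above, sketched as an added nginx example that is not part of the original post or ecliptik's stack. Assumptions: nginx shares the network namespace that holds the Tailscale interface, `100.64.0.10` stands in for this node's tailnet address, `nitter:8080` is a hypothetical upstream, and the certificate paths are placeholders.

```nginx
# Added example, not the poster's configuration.
# Constructed values: 100.64.0.10 (this node's tailnet address),
# nitter:8080 (upstream name and port), and the certificate paths.

# Weak form for comparison: "listen 443 ssl;" binds every interface,
# so the proxy would also answer on the LAN and any public address.

# Catch-all: a request for a name not configured below gets the
# connection closed without a response.
server {
    listen 100.64.0.10:443 ssl default_server;
    server_name _;
    ssl_certificate     /etc/letsencrypt/live/tail.net/fullchain.pem;  # placeholder
    ssl_certificate_key /etc/letsencrypt/live/tail.net/privkey.pem;    # placeholder
    return 444;
}

server {
    # Layer 1: bind only to the tailnet address.
    listen 100.64.0.10:443 ssl;
    server_name nitter.tail.net;

    ssl_certificate     /etc/letsencrypt/live/tail.net/fullchain.pem;  # placeholder
    ssl_certificate_key /etc/letsencrypt/live/tail.net/privkey.pem;    # placeholder

    # Layer 2: accept only sources in the range Tailscale assigns
    # addresses from, in case the bind is ever loosened.
    allow 100.64.0.0/10;
    allow fd7a:115c:a1e0::/48;
    deny  all;

    location / {
        # Route by server name to the matching service container.
        proxy_pass http://nitter:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

`nginx -t` validates the file before a reload. Because the listener names a specific address, nginx fails to start if Tailscale has not yet assigned that address, so the proxy has to come up after the tailnet interface.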

ecliptik|2 years ago

While not a blog post, I created a Privacy Frontends with Tailscale repo on GitHub with this setup using Tailscale MagicDNS and Caddy.

https://github.com/ecliptik/tailscale-privacy-frontends

I've tested it out on a new Tailnet on a t3.medium EC2 instance and it works relatively well. Adding new services should be relatively easy.

I'm planning to write up a post about the more technical details on the stack still.

xav0989|2 years ago

I have a similar-ish setup, but using Nomad as my executor, and Traefik running on a public machine doing the routing.

Basically all the services on Nomad listen on the tailnet, and Traefik straddles the tailnet and the public internet. It then loads the service configurations from Nomad and exposes them using Let's Encrypt certificates.

heybrendan|2 years ago

+1 Would very much welcome you authoring something on this topic.

chrisweekly|2 years ago

+1 for the blog post howto idea

hypercube33|2 years ago

+1 as well. Right now I'm using Route 53 and some funky scripts to pull IP from DNS and update it for site-to-site links.

metadat|2 years ago

If you wouldn't mind, any chance you can ping me once you publish this? You can reach me at collect.metadat attt gmail.