Thanks for the help. This is enough to get me started
With Crafty you can bind a specific port.
I use tailscale for public access, and have set it up so tailscale users can access the domain.
I guess what I’m asking for is NPM but for tcp.
No I’m not.
I have tailscale set up for external access. (I have dns records already in my domain provider pointing to a tailscale ip, so a device on my tailnet can access my domain. i.e. an authorized tailscale device can access nginx.example.com)
I want to know what I have to do to get minecraft.example.com to resolve internally.
Oh fascinating. I’ll have to look into that
Cool okay.
What about the CNAME one?
For 4 II, it’s CNAME Name: @ Target: ???
What is the target supposed to be?
Edit: putting “@” for name on the A record, once saved, it changes to my domain instead of @, in your screenshot
A good dashboard helps with not remembering port numbers also. And can look slick
Holy crap thank you so much. I was literally thinking of figuring out how to do exactly this EARLIER TODAY!
Thank you again for this write up. I have almost all of what you wrote already done (cloudflare, NPM and tailscale setup) but haven’t hooked Tailscale and NPM together yet.
I have gluetun+socks5 containers running, then in an app, I put in localip:port into a proxy field. Then that app will use that connection for internet.
Browsers on desktop also support proxies. So if you want a specific browser to always use the VPN, this is a very simple way to do that.
https://source.android.com/docs/security/features/private-space
It’s not bad using the official wireguard app. It’s definitely noticeable. On the android battery screen it’ll show around 5% after a full day of use and it on always
For an external VPN like mullvad, I run my own proxy. Again it’s only available from my VPN or inside my network.
It uses socks5 and gluetun docker containers and in apps that support proxies, I can add my proxy to it and it’ll route that traffic through the paid VPN.
Or, a work profile (see shelter) or Android’s new private spaces. If you have private spaces, it uses a separate network. So if you have a VPN installed outside the private space, it won’t work on apps inside the space. So, what you could do is have a paid VPN inside private spaces, and use it and a web browser or whatever there, and use your server’s VPN outside the private space.
Lmk if you want any of my docker composes
I keep it running always. Partly to access stuff at home, and partly to get the ad-blocking from pihole.
Do not expose stuff unless you fully understand the security risks
Correct. But also public access should be considered advanced
I have set up the same thing as a temp measure, but I believe that something like Authelia or Keycloak should replace and be better than Cloudflare’s email OTP.
True. I would like to add another authentication.
I guess my question is how trustworthy is built-in authentication? I’m not really talking about vulnerabilities, but that’s a part of this, but how much trust can I put into a small project’s login page being secure?
Oh yea I forgot about matrix. Maybe setting up a bridge would work. Thanks for the reminder I’ll look into this
Good question. Friends use Discord.
Huh I’ll have to give Kodi a shot. I’ve already got a bunch of Debian experience and have jellyfin so learning Kodi shouldn’t be too bad.
Check out my super recent post history. I’m doing something very very similar.
Basically I’ve decided on Debian for OS, docker plus Portainer and dashy for interface, and mdadm for raid 1.
I’ve tested a raid 1 failure and rebuild on two thumb drives I have, and have everything well documented. Feel free to ask any questions.
Anything.
Personally I use Debian. But Docker doesn’t care. I chose Debian because it is very stable and simple