I spent all day today trying to get the routing to work correctly between Tailscale, Nginx and Adguard.

Basically I wanted to be able to be able to use **http://immich.network ** to route to 192.168.1.2:9000

I wanted to share the steps I took so people don’t have to go through what I did.

First a few things Local Server IP: 192.168.1.2

  1. I installed Ngnix and Adguard, in a Docker Containers, and gave Adguard IPs 3000, 3001 instead of 80 and 443 because Ngnix took it.
  2. I went to my router and made it use the DNS: 192.168.1.2
  3. I configured Proxy Host in Ngnix … immich.network => 192.168.1.2:9000
  4. I configured DNS rewrite in Adguard … *.network => 192.168.1.2

At this point I was able to use http://immich.network finally. I installed Tailscale to be able to access when I’m outside but http://immich.network didn’t work.

These helped me https://tailscale.com/kb/1019/subnets + https://tailscale.com/kb/1054/dns?q=global+nameserver

  1. I created a subnet… tailscale up --advertise-routes=192.168.1.0/24
  2. I approved it on Tailscale login

At this point I was able to access home server using its local IP 192.168.1.2 but I couldn’t get http://immich.network to work.

  1. I created a nameserver dns with split DNS but I used my local ip… 192.168.1.2 => network

Finally everything is working… I have a feeling that I’m doing it wrong but I’m too tired and it’s finally working.

  • rhymepurple@lemmy.ml
    link
    fedilink
    English
    arrow-up
    4
    ·
    7 months ago

    Congrats on getting everything working - it looks great!

    One piece of (unprovoked, potentially unwanted) advice is to setup SSL. I know you’re running your services behind Wireguard so there isn’t too much of a security concern running your services on HTTP. However, as the number of your services or users (family, friends, etc.) increases, you’re more likely to run into issues with services not running on HTTPS.

    The creation and renewal of SSL certificates can be done for free (assuming you have a domain name already) and automatically with certain reverse proxy services like NGINXProxyManager or Traefik, which can both be run in Docker. If you set everything up with a wildcard certificate via DNS challenge, you can still keep the services you run hidden from people scanning DNS records on your domain (ie people won’t know that an SSL certificate was issued for immich.your.domain). How you set up the DNS challenge will vary by the DNS provider and reverse proxy service, but the only additional thing that you will likely need to set up a wildcard challenge, regardless of which services you use, is an email address (again, assuming you have a domain name).

    • Mir@programming.devOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      7 months ago

      Thank you for the* so much wanted advice, it’s one of the reasons I actually posted this, to get advices on how to do things better.

      I’ve been trying to do that for a specific service running (firefly) but I can’t figure out what to do exactly, about the domain name, Is there a way to do that without one?

  • Decronym@lemmy.decronym.xyzB
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    3 months ago

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

    Fewer Letters More Letters
    CA (SSL) Certificate Authority
    DNS Domain Name Service/System
    HTTP Hypertext Transfer Protocol, the Web
    HTTPS HTTP over SSL
    IP Internet Protocol
    SSL Secure Sockets Layer, for transparent encryption
    VPN Virtual Private Network
    VPS Virtual Private Server (opposed to shared hosting)
    XMPP Extensible Messaging and Presence Protocol (‘Jabber’) for open instant messaging
    nginx Popular HTTP server

    10 acronyms in this thread; the most compressed thread commented on today has 6 acronyms.

    [Thread #719 for this sub, first seen 28th Apr 2024, 06:25] [FAQ] [Full list] [Contact] [Source code]

  • dutchkimble@lemy.lol
    link
    fedilink
    English
    arrow-up
    0
    ·
    7 months ago

    I used chatgpt to create the exact steps, commands and configurations I needed for my setup and achieved this the seemingly cheatful way. I used nginx and certbot. Worked like a charm. Congrats!

    • Mir@programming.devOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      7 months ago

      I used chatgpt to create the exact steps, commands and configurations I needed for my setup and achieved this the seemingly cheatful way. I used nginx and certbot. Worked like a charm. Congrats!

      It’s impressive that you was able to get it to help you correctly. It usually just spew things i need to fix that’s why I didn’t ask him, thank you for the tip.

      Btw did you use a custom local domain name or did you use an actual domain ?

      • dutchkimble@lemy.lol
        link
        fedilink
        English
        arrow-up
        0
        ·
        7 months ago

        Thanks, it took some prompts but it worked in the end! I used a few subdomains of an actual domain I use for email…

        • Mir@programming.devOP
          link
          fedilink
          English
          arrow-up
          0
          ·
          7 months ago

          I just finished the SSL today, but have you gotten Syncthing GUI to work though? I can’t seem to get it to work with the domain for some reason.