Hello Self Hosters! I am new-ish… got Jellyfin working great with tailscale remote access! I love it! I keep getting deeper into this stuff and geeking out… really excited to add my next service: Self-Hosted Nextcloud.

Would someone kindly walk me through setting up a reverse proxy to my stuff with Caddy? I really just want HTTPS support, as my media files are one thing, but hosting all my personal info/docs on Nextcloud is quite another thing to potentially expose… I want to make sure I harden properly, and HTTPS is clearly a part of that, even if I’m running a tailscale VPN. I have done my best following the docs/tutorial so far, but I’ve hit the wall with this “start” page… Here’s what I’ve got:

  • pointed my domain “A” DNS to my website as a sub-domain… so my address in caddyfile is “sub.mydomain.com”
  • I’ve installed caddy directly on my Ubuntu server, but I admin my Jellyfin (and eventually Nextcloud) with Docker via CasaOS interface… is this a problem? Do I need to run Caddy in docker too?
  • I’ve followed the instructions on this start page and I still only get the startpage at “sub.mydomain.com”
  • my tailnet server IP address is what I’m using for the reverse proxy… that’s correct, yes?
  • So many things/guides just say “reverse-proxy --to …” but when I do that, I get an error saying port 80 is ‘already in use’. I have combed my configs & devices on my router… nothing is using port 80 that I can see. Ports 80 and 443 ARE forwarded/open, before you ask!
  • My next big step in this journey is piHole, so if this will interfere/interact with that in some important way, I appreciate the heads-up mightily!

Thank you in advance, I appreciate it!

EDIT! - CaddyOS uses 80 as default gateway, turns out! So, switched that… now Caddy is starting properly… STILL can’t get the ‘welcome’ page to go away… still a problem with my caddyfile I suppose.
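Added example (not part of the original post): the "port 80 is already in use" error described above can be traced on the server itself by reading the listener table from `ss -H -ltnp`, rather than by checking the router. The sample `ss` output, process names and PIDs below are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `ss -H -ltnp` output (not captured from a real host).
SAMPLE_SS='LISTEN 0 4096 0.0.0.0:80 0.0.0.0:* users:(("casaos-gateway",pid=812,fd=7))
LISTEN 0 4096 *:8096 *:* users:(("jellyfin",pid=1503,fd=310))
LISTEN 0 4096 [::]:443 [::]:* users:(("caddy",pid=2210,fd=8))'

# port_owner PORT: read `ss -H -ltnp` lines on stdin and print "name pid" for
# every process listening on PORT. No output means nothing holds the port.
port_owner() {
    awk -v want="$1" '
        $1 == "LISTEN" {
            n = split($4, a, ":"); port = a[n]   # text after the last colon, so IPv6 works
            if (port != want) next
            name = "unknown"; pid = "?"          # users:() column is absent without root
            if (match($0, /users:\(\("[^"]+"/))
                name = substr($0, RSTART + 9, RLENGTH - 10)
            if (match($0, /pid=[0-9]+/))
                pid = substr($0, RSTART + 4, RLENGTH - 4)
            print name, pid
        }'
}

# conflicts: report any listener on 80 or 443 that is not caddy, i.e. the
# process that makes Caddy fail to bind with "address already in use".
conflicts() {
    input=$(cat)
    for p in 80 443; do
        printf '%s\n' "$input" | port_owner "$p" | while read -r name pid; do
            [ "$name" = "caddy" ] || echo "port $p held by $name (pid $pid)"
        done
    done
}

# Live use on the server (root is needed to see process names):
#   sudo ss -H -ltnp | conflicts
```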

  • dimjim@sh.itjust.works
    2 days ago

    Something that might help with using Tailscale and reverse proxying: you don’t have to use the IPs given to you through the tailnet if you don’t want to. Something tailnet nodes can do is serve the local subnet they’re connected to, even if you’re running the self-hosted version, Headscale, which is what I do. This is how I am able to have my phone and one other PC connected through Headscale/Tailscale, but still access everything on my local network.

    I’m assuming your Jellyfin is on your local network, and you want to connect to it through Tailscale, but still use HTTPS? If that’s the case, you don’t need to do any kind of port forwarding on your router, as everything is funneled through Tailscale anyway.

    • Profligate_parasite@lemmy.worldOP
      2 days ago

      Hey, thanks for addressing that. So yes, I have my local IP as a subnet… you’re saying that means I don’t necessarily need the tailnet IPv4 as my pointer?

      • dimjim@sh.itjust.works
        1 day ago

        I’ve honestly never tried it, since I have the only node in my home network serve the local subnet. It allowed me to statically assign IPs at home and still use them outside of the house. I suppose there’s nothing stopping you from using the overlay network, especially if you have all devices involved on the Tailscale network, but I didn’t feel like doing that :)