Hello all,

I have started experimenting again with a local server and I am facing a few issues, here is my case.

I run Debian o an old HP prebuilt without GUI. I do everything with ssh from my laptop (basic connection ssh user@addr)

I have installed docker. I have installed a few containers. I also installed portainer for easier management.

All good so far because everything is local.

I have purchased a domain with cloudflare and set up a tunnel as to avoid exposing any ports and having an easier time managing and deploying stuff.

I have set up jellyfin and vaultwarden but when I tried to install nextcloud AIO it was advised to add a local reverse proxy as to avoid many problems.

My questions are:

Is the tunnel solution appropriate for jellyfin?

I suppose it’s OK for vaultwarden as there isnt much data being transfered?

Would it be better to run nginx proxy manager for everything or can I run both of the solutions?

Any general recommendations on the above and in general are appreciated!

  • OminousOrangeEnglish
    131·
    1 month ago

    I’m definitely not a network pro, but it sounds like you’re looking to do something similar to what I have.

    I’ve got nginx proxy manager as my reverse proxy with pi-hole for local DNS. All traffic goes through the pi-hole and anything going to mydomain.com has DNS entries pointing to nginx. I’ve set nginx up so service.lan.mydomain.com is for anything local and just service.mydomain.com for anything external with wildcard SSL certs for both (*.domain doesn’t seem to cover *.lan.domain so add certs for both - probably because it’s a sub-subdomain).

    The Cloudflare tunnel can then just get directed to service.mydomain.com instead of the IP of the service.

    • piracysails@lemm.eeOPEnglish
      1·
      1 month ago

      I have read all comments and most of them provide useful information but I think this is what I need indeed.

      Do you have any sources / guides on how to proceed with these configurations? :)

      • OminousOrangeEnglish
        1·
        1 month ago

        Unfortunately there isn’t really an all-in-one guide. TechnoTim has info on the Pi-hole config side and wildcard certificates, but I think he uses it with traefik.

        NPM is pretty straightforward. If you find a site isn’t working, try turning on Web Socket support.

        I’d say just search for guides on each part individually:

        1. Get all the services installed and up and running
        2. Get SSL certificates from Cloudflare for your domain.
        3. Set up NPM for the services you want to reverse proxy with your Cloudflare SSL certs (they wont work until the next step is done)
        4. Set up pi-hole to be your local DNS (there’s also adblock lists to add) and configure it to send all service(.lan).mydomain.com to the ip of NPM.
        5. Set up the Cloudflare tunnel.

        I can try to help if you run into any issues.