I already host multiple services via caddy as my reverse proxy. Jellyfin, I am worried about authentication. How do you secure it?

  • Lem453
    link
    fedilink
    English
    arrow-up
    14
    ·
    2 days ago

    I use plain wireguard on me phone, always on essentially with no issues. I wonder why tailscale app can’t stay open.

    • beerclue@lemmy.world
      link
      fedilink
      English
      arrow-up
      9
      ·
      2 days ago

      Same, wireguard with the 'WG Tunnel" app, which adds conditional Auto-Connect. If not on home wifi, connect to the tunnel.

      • Lem453
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        2
        ·
        2 days ago

        I just stay connected to wireguard even at home, only downside is the odd time I need to chromecast, it needs to be shut off.

        • bonsai@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 day ago

          Can you add a split tunnel for just the Chromecast app (I presume that’s how it works idk I don’t use Chromecast) so that just that specific app always ignores your VPN?

          • Lem453
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 day ago

            I haven’t tried it, but the app has the ability to select which app it tunnels.

            When you make a new tunnel, it says “all applications” if you click on that you can select specific ones to include or exclude

      • dan@upvote.au
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        2
        ·
        edit-2
        1 day ago

        conditional Auto-Connect. If not on home wifi, connect to the tunnel.

        You don’t need this with Tailscale since it uses a separate IP range for the tunnel.

        Edit: Tailscale (and Wireguard) are peer-to-peer rather than client-server, so there’s no harm leaving it connected all the time, and hitting the VPN IPs while at home will just go over your local network.

        The one thing you probably wouldn’t do at home is use an exit node, unless you want all your traffic to go through another node on the Tailnet.

          • dan@upvote.au
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            1 day ago

            If you have a separate subnet for it, then why do you only want it to be connected when you’re not on home wifi? You can just leave it connected all the time since it won’t interfere with accessing anything outside that subnet.

            One of the main benefits of Wireguard (and Tailscale) is that it’s peer-to-peer rather than client-server. You can use the VPN IPs at home too, and it’ll add barely any overhead.

            (leaving it connected is assuming you’re not routing all your traffic through one of the peers)

            • beerclue@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 day ago

              My network is not publicly accessible. I can only access the internal services while connected to my VPN or when I’m physically at home. I connect to WG to use the local DNS (pihole) or to access the selfhosted stuff. I don’t need to be connected while I’m at home… In a way, I am always using the home DNS.

              Maybe I’m misunderstanding what you’re saying…

              • Lem453
                link
                fedilink
                English
                arrow-up
                2
                ·
                1 day ago

                He’s saying that while there is no benefit to being connect to WG at home, there is also no downside so many people just stay connected all the time.

                • beerclue@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  1 day ago

                  Oh, I get that, but it just doesn’t make any sense to me to be physically next to the server, and connect to it via VPN…

                  • dan@upvote.au
                    link
                    fedilink
                    English
                    arrow-up
                    2
                    ·
                    18 hours ago

                    My point is that since the VPN uses a different subnet, it’s fine to keep it connected even at home. It’ll only use the VPN if you access the server’s VPN IP, not its regular IP.

                    In any case, Tailscale and Wireguard are peer-to-peer, so the connection over the VPN is still directly to the server and there’s no real disadvantage of using the VPN IP on your local network.

                • dan@upvote.au
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  1 day ago

                  Yeah, this. Plus if you leave it connected, you can use the VPN IPs while at home instead of having to use a different IP when at home vs when out (or deal with split horizon DNS)

    • paequ2@lemmy.today
      link
      fedilink
      English
      arrow-up
      3
      ·
      2 days ago

      I suspect that it goes down and stays down whenever there is an app update, but I haven’t confirmed it yet.

      Does the plain wireguard app stay up during updates?

      • Lem453
        link
        fedilink
        English
        arrow-up
        10
        ·
        edit-2
        2 days ago

        Android wireguard all hasn’t been updated in 18mo. Its extremely simple with a small code base. There basically isn’t anything to update. It uses wireguard kernel module which is itself is only like 700 lines of code. It so simple that it basically became stable very quickly and there is nothing left of update right now.

        https://git.zx2c4.com/wireguard-android/about/

        I personally get the from obtainium to bypass play store