Hello SelfHosters! After getting myself a wonderfully large NAS and spending a couple days thinking about how to link up the different services, I turn to you for advice. This is my situation:
I’ve been operating a cheap VPS for a while now, which runs a bunch of services that require neither lots of storage nor compute (webserver, vaultwarden, gitea and so on). But I refuse to pay the price for a large capacity / powerful remote machine for stuff like Jellyfin or Immich, especially because I want these things to be available to me in the local network no matter the network state (internet drops frequently here). Therefor, I’ve setup a ~50TB NAS, on which I want to both store and backup larger data packets, as well as operate some storage/traffic heavy applications (Jellyfin, Immich, Nextcloud, …).
What I’m struggling with is the networking of things. My VPS sits behind a Cloudflare Proxy, and I like it that way. All services are managed via domains and accessible from anywhere via that. I neither want nor need isolation of these services by a VPN. I want to continue this way with the new homelab, but am unable to directly expose ports on my home connection, or to get a static IP. For additional complication, traffic from these data-heavy applications cannot run through Cloudflare due to their limitations on the free plan. Finally, in a perfect world, I would be able to manage the domain names for services on the Homelab in the Nginx Container on the VPS, so that everything is centralized and I don’t have separate management interfaces.
My first idea was to connect the VPS and the Homelab with a Wireguard tunnel, but since this would route traffic through Cloudflare, it wouldn’t work.
I then read about Tailscale, and that I could link up the Homelab and VPS in a tailnet, setting up the node on the VPS as subnet router for the docker network on the homelab, which would bring me to something along these lines:
In a perfect world, the Nginx container on the VPS would be able to seemlessly direct traffic to both services running on the VPS and the Homelab, and data coming from the homelab would be routed directly to the client, while VPS data would continue running through Cloudflare. This would work without the client having to connect to any VPNs or mesh networks, the domain name would have to be enough.
Maybe I’m overcomplicating things. Please don’t feel obligated to copy-paste guides, I’ll happily read external ressources that you can recommend. I’ll also provide clarifications in the comments as needed. Any pointers how you people solve this would be much appreciated.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !selfhosted@lemmy.world
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
3 acronyms in this thread; the most compressed thread commented on today has 11 acronyms.
[Thread #290 for this sub, first seen 19th Nov 2023, 03:15] [FAQ] [Full list] [Contact] [Source code]