I have Plex, Radarr, Sonarr, Overseerr etc running in Docker containers, but have never found a good guide on how to access these (safely) from outside. I resort to connecting to a server running VNC.
I’ve tried nginx but didn’t understand it, also tried Cloudflare (ditto).
Is there a good, easy to understand guide on how to do this?
The best way is to have a small server with wireguard installed, which is a VPN. This runs on virtually anything, including a raspberry pi or even a router with open-wrt.
Anyways, your wireguard server will only accept connections from devices that have its certificate (secure passwordless authentication).
Once you’re connected to that VPN, it’s effectively as being in your home network.
You might want to Google for guides on how to setup wireguard on a raspberry pi. Even if you don’t have a PI you’ll surely find the tutorial you need.
Look at Tailscale docker mod. Adds tailscale inside each arr container and treats them each like a tailscale machine, so on app level you can choose if you expose only in your tailnet or expose to internet.
Up until now I’ve been using Traefik and a pihole with Local DNS records so I can remotely access my services when connected to Tailscale. It’d be nice to be able to point to http://jellyfin rather than http://jellyfin.server.home, for example
This is my favorite method. It doesn’t require you to open any ports and minimizes your potential attack surface. You can either install zerotier on each host you want remote access to, or run an instance of zerotier in bridge mode which is essentially acting as a VPN.
Look at Tailscale docker mod. Adds tailscale inside each arr container and treats them each like a tailscale machine, so on app level you can choose if you expose only in your tailnet or expose to internet.
Assuming you don’t want to expose these services directly to the internet (I don’t recommend it) then you want to set up a VPN to connect back to your home network. Wireguard or OpenVPN are the most commonly used. As far as guides that will depend where/how you want to run it.
Look at Tailscale docker mod. Adds tailscale inside each arr container and treats them each like a tailscale machine, so on app level you can choose if you expose only in your tailnet or expose to internet.
The safest (but not as convenient) way is to run a VPN, so that the services are only exposed to the VPN interface and not the whole world.
In pfsense I specify which services my OpenVPN connections can access (just an internal facing NGINX for the most part) and then I can just go to jellyfin.homelab, etc when connected.
Not as smooth as just having NGINX outward facing, but gives me piece of mind knowing my network is locked down
You’ve been given a the usual variety of suggestions, but I suggest also gaining an understanding of networking principles, including RFC 1918 addressing and NAT.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !selfhosted@lemmy.world
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
ssh -D 8080 your.machine and then add localhost:8080 as a proxy to your browser
The best way is to have a small server with wireguard installed, which is a VPN. This runs on virtually anything, including a raspberry pi or even a router with open-wrt.
Anyways, your wireguard server will only accept connections from devices that have its certificate (secure passwordless authentication).
Once you’re connected to that VPN, it’s effectively as being in your home network.
You might want to Google for guides on how to setup wireguard on a raspberry pi. Even if you don’t have a PI you’ll surely find the tutorial you need.
Specifically, this:
https://pivpn.io/
PiVPN is great. Works on just as well on a standard server with Ubuntu.
Yep, using PiVPN on an Ubuntu server too, works like a charm :D
Look at Tailscale docker mod. Adds tailscale inside each arr container and treats them each like a tailscale machine, so on app level you can choose if you expose only in your tailnet or expose to internet.
First time I’m hearing of this. Thanks for the heads up.
https://tailscale.dev/blog/docker-mod-tailscale
Up until now I’ve been using Traefik and a pihole with Local DNS records so I can remotely access my services when connected to Tailscale. It’d be nice to be able to point to http://jellyfin rather than http://jellyfin.server.home, for example
Another option that might work for you is zerotier.
And you can use sunshine/moonlight to remotely control it.
This is my favorite method. It doesn’t require you to open any ports and minimizes your potential attack surface. You can either install zerotier on each host you want remote access to, or run an instance of zerotier in bridge mode which is essentially acting as a VPN.
Look at Tailscale docker mod. Adds tailscale inside each arr container and treats them each like a tailscale machine, so on app level you can choose if you expose only in your tailnet or expose to internet.
I would look into Tailscale. This would probably be the easiest to setup.
This!
You’re probably looking for Tailscale. Simple to use, free plan, extensible and powerful.
Assuming you don’t want to expose these services directly to the internet (I don’t recommend it) then you want to set up a VPN to connect back to your home network. Wireguard or OpenVPN are the most commonly used. As far as guides that will depend where/how you want to run it.
Look at Tailscale docker mod. Adds tailscale inside each arr container and treats them each like a tailscale machine, so on app level you can choose if you expose only in your tailnet or expose to internet.
The safest (but not as convenient) way is to run a VPN, so that the services are only exposed to the VPN interface and not the whole world.
In pfsense I specify which services my OpenVPN connections can access (just an internal facing NGINX for the most part) and then I can just go to jellyfin.homelab, etc when connected.
Not as smooth as just having NGINX outward facing, but gives me piece of mind knowing my network is locked down
You’ve been given a the usual variety of suggestions, but I suggest also gaining an understanding of networking principles, including RFC 1918 addressing and NAT.