this post was submitted on 04 Mar 2025
27 points (90.9% liked)

Selfhosted

43945 readers
548 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
27
Tailscale + public domain (lemmy.world)
submitted 1 week ago by marci@lemmy.world to c/selfhosted@lemmy.world
11 comments fedilink hide all child comments
 

Hi selfhosting community :)

I am hosting some services on a NixOS box (Immich, Nextcloud and some others). So far I had no problem reaching my services, just via tailscale when I am not at home.

But now I wanted to branch out and get a little fancy with https setup and a domain, so I can share my services with friends. I followed this guide and got a domain at cloudflare. However I ran into some problems.

The relevant setup:

spoilerNextcloud:

services.nextcloud = {
  enable = true;
  hostName = "nextcloud.<mydomain>.com";
  https = true;
};

Nginx:

services.nginx = {
  enable = true;
  virtualHosts = {
    "nextcloud.<mydomain>.com" = {
      forceSSL = true;
      useACMEHost = "<mydomain>.com";
    };
    "immich.<mydomain>.com" = {
      forceSSL = true;
      useACMEHost = "<mydomain>.com";
      locations."/".proxyPass = "http://127.0.0.1:2283/";
    };
    "immich.<machine>.<tailnet>.net" = {
      locations."/".proxyPass = "http://127.0.0.1:2283/";
    };
  };
};

ACME

security.acme = {
  acceptTerms = true;   
  defaults.email = "my@mail.com";
  certs."<mydomain>.com" = { 
    domain = "*.<mydomain>.com";
    group = "nginx";
    dnsProvider = "cloudflare";
    dnsPropagationCheck = true;
    credentialsFile = config.sops.secrets.cloudflare.path;
  }; 
};

My situation now is the following:

  • I can reach eg. Immich by going to http://..net:2283 (https is not working here).
  • I can not reach Immich by the domains I have setup in my Nginx configuration. So "immich...net" & "immich..com" give a "Server not found" error. I tried both 127.0.0.1 and the tailscale IP of the server in the proxyPass section.

Does one of you network wizards know where the problem lies? Or how would I go about troubleshooting the issue?

you are viewing a single comment's thread
view the rest of the comments
[–] colonelp4nic@lemmy.world 2 points 1 week ago (3 children)

This approach largely works, with the caveat that it then requires you to always be on the tailnet. If someone wants to connect locally AND via tailnet using the same URL, they'll need to push/advertise routes (or do some other hacky thing)

[–] Asparagus0098@sh.itjust.works 2 points 1 week ago

If you run adguard home it's pretty easy. Just add a DNS rewrite to your local IP.

collapsed inline media

[–] baduhai@sopuli.xyz 2 points 1 week ago

Yes, in order to access my domain on my local network, I have my pihole instance point the domain to my server's local IP.

[–] marci@lemmy.world 1 points 1 week ago

I don't have a problem to always be on the tailnet with my client devices, but it does not work even for this case.