Hey all, I started my self-hosting by using the script here and modifying it to suit my needs:

https://github.com/geekau/mediastack

My only question is how I get the authentik/headscale/tailscale/cloudflare pieces working as a reverse proxy.

I think I’ve configured cloudflare correctly since I can hit my external url and it will try to redirect to authentik, but that’s really where I’m stuck.

Has anyone else used a similar stack and got it to work? Is there a guide (other than the ones used for this exact stack because they aren’t good) I can use somewhere?

Edit: to be clear, I’d like to be able to access my jellyseerr and jellyfin instances from an external url at minimum, but the more I can access, the better. I have cloudflare DNS entries for the whole stack, pretty much

  • ragingHungryPanda@piefed.keyboardvagabond.com · 12 hours ago

    Tailscale is a VPN. You don’t need Cloudflare for it. You do need to set up the Tailscale container with your credentials from Tailscale, which they have guides for. After that, log in on your machine and click the connect toggle and you’re in.

    The exit node is if you want to look like you’re at your host computer.

    • kn0wmad1c@programming.dev (OP) · edited, 7 hours ago

      If you look at the Docker Compose file for the stack I’m using, Cloudflare is definitely a part of it:

      https://github.com/geekau/mediastack/blob/master/full-download-vpn/docker-compose.yaml

      Headscale requires Cloudflare, and Tailscale requires Headscale. The documentation for how all of this ties together is really sparse, but I think I’m getting the 403 Forbidden from this part of the Tailscale yml:

      --login-server=https://headscale/.$%7BCLOUDFLARE_DNS_ZONE:?err}
      

      Edit: Lemmy won’t let me remove the / in front of the . in the URL above, and it keeps URL-encoding the open curly bracket for some reason. The code block markdown should be displayed as a literal, so this feels like a bug.

      • ragingHungryPanda@piefed.keyboardvagabond.com · 7 hours ago

        That’s quite a long compose file.

        The way that I use Cloudflare is with tunnels, since my ISP blocks my ports. I have cloudflared running that connects to the Cloudflare tunnel, which has a map of domain name to a service name, which is how services are accessed externally.

        Tailscale connects to Tailscale’s main service and that’s how I access internal systems. At least that’s how I’m running it.
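
As an added example (not code from this thread or from the mediastack project), here is the shape of the tunnel setup described in the reply above: a cloudflared config that maps public hostnames to Compose service names, and the connector service that runs it. The hostnames, tunnel ID and credentials path are placeholders; `jellyfin` and `jellyseerr` are assumed to be the service names on the Compose network, and 8096 and 5055 are those applications' default HTTP ports.

```yaml
# --- file: cloudflared/config.yml (added example, placeholder values) ---
tunnel: <TUNNEL-UUID>
credentials-file: /etc/cloudflared/<TUNNEL-UUID>.json

ingress:
  # Each rule maps a public hostname to a service the cloudflared
  # container can reach. "jellyfin" and "jellyseerr" are assumed to be
  # the Compose service names on the shared Docker network, so Docker's
  # DNS resolves them; nothing here needs a host port to be open.
  - hostname: jellyfin.example.com
    service: http://jellyfin:8096
  - hostname: jellyseerr.example.com
    service: http://jellyseerr:5055
  # The last rule has no hostname and acts as the catch-all. Returning
  # 404 means a request for any hostname you did not list explicitly is
  # rejected instead of falling through to another container.
  - service: http_status:404

---
# --- file: docker-compose.yaml fragment for the connector (added example) ---
services:
  cloudflared:
    image: cloudflare/cloudflared:latest
    command: tunnel --config /etc/cloudflared/config.yml run
    volumes:
      # config.yml and the tunnel credentials JSON live here on the host
      - ./cloudflared:/etc/cloudflared:ro
    networks:
      # assumed name of the network the media containers are attached to
      - mediastack
    restart: unless-stopped
```

Only hostnames listed under `ingress` are reachable through the tunnel, so this is where you decide exactly which pieces of the stack are public; everything else stays internal and is reached over Tailscale as the reply describes. Each public hostname also needs a DNS record pointing at the tunnel, which `cloudflared tunnel route dns <tunnel-name> jellyfin.example.com` creates for you as a CNAME to `<TUNNEL-UUID>.cfargotunnel.com`.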