Hey all, I started my self-hosting by using the script here and modifying it to suit my needs:
https://github.com/geekau/mediastack
My only question is how I get the authentik/headscale/tailscale/cloudflare pieces working as a reverse proxy.
I think I’ve configured cloudflare correctly since I can hit my external url and it will try to redirect to authentik, but that’s really where I’m stuck.
Has anyone else used a similar stack and got it to work? Is there a guide (other than the ones used for this exact stack because they aren’t good) I can use somewhere?
Edit: to be clear, I’d like to be able to access my jellyseerr and jellyfin instances from an external url at minimum, but the more I can access, the better. I have cloudflare DNS entries for pretty much the whole stack.


If you look at the docker compose for the stack I’m using, cloudflare is definitely a part of it:
https://github.com/geekau/mediastack/blob/master/full-download-vpn/docker-compose.yaml
Headscale requires Cloudflare, and Tailscale requires Headscale. The documentation for how all of this ties together is really sparse, but I think I’m getting the 403 Forbidden from this part of the tailscale yml:

```
--login-server=https://headscale/.$%7BCLOUDFLARE_DNS_ZONE:?err}
```

Edit: Lemmy won’t let me remove the / in front of the . in the URL above, and it keeps URL-encoding the open curly bracket for some reason. The code block markdown should be displayed as a literal, so this feels like a bug.
That’s quite a long compose file.
The way that I use Cloudflare is with tunnels, since my ISP blocks my ports. I have cloudflared running that connects to the Cloudflare tunnel, which has a map of domain name to service name, which is how services are accessed externally.
Tailscale connects to Tailscale’s main service, and that’s how I access internal systems. At least that’s how I’m running it.
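The hostname-to-service map that reply describes lives in cloudflared's ingress rules. The config below is an added illustration, not taken from the mediastack repo or from either poster; the domain, the tunnel ID placeholder, the credentials path, and the assumption that `jellyfin` and `jellyseerr` are the container names reachable on the compose network (on their default ports 8096 and 5055) are all assumptions.

```yaml
# cloudflared config.yml (illustrative, not from the mediastack repo)
# The tunnel ID and credentials file come from `cloudflared tunnel create`.
tunnel: <TUNNEL-ID-PLACEHOLDER>
credentials-file: /etc/cloudflared/<TUNNEL-ID-PLACEHOLDER>.json

# Ingress rules are matched top to bottom. Each hostname needs a
# CNAME in the Cloudflare zone pointing at <TUNNEL-ID>.cfargotunnel.com.
# Only the services listed here are reachable through the tunnel;
# everything else in the stack stays internal (Tailscale/LAN only).
ingress:
  # Jellyfin: container name resolves on the compose network, default port 8096
  - hostname: jellyfin.example.com        # assumed domain
    service: http://jellyfin:8096
    originRequest:
      connectTimeout: 30s

  # Jellyseerr: default port 5055
  - hostname: jellyseerr.example.com      # assumed domain
    service: http://jellyseerr:5055

  # Required catch-all: cloudflared refuses to start without a final rule
  # that has no hostname. Returning 404 means unlisted hostnames on the
  # zone expose nothing, rather than falling through to some default origin.
  - service: http_status:404
```

Validate the file with `cloudflared tunnel ingress validate` before running the connector, and use `cloudflared tunnel ingress rule https://jellyfin.example.com` to see which rule a given URL matches.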