Hello everyone

Last week I bought a domain with the intention of connecting it to my NAS so I can access my apps over the internet without tailscale (plus give access to a few family members on jellyfin). I did it through clourflare.

I was very naïve but I had no ideal of the sheer amount of learning it would require to achieve the things I’m looking to do (just basic access with some additional authentication). So far I’ve managed to publish my immich server (behind a authentication screen) but largely still very confused about how its actually working. And very confused about setting up external auth and using reverse proxy. Honestly feeling quite defeated.

I’ve posted here in the selfhosted Lemmy and you guys have been really helpful but I think I could really benefit from someone showing me and explaining how it works. I have already learnt a lot from last week but the more I learn the more questions I have.

I’ve taught myself home networking, I knew nothing about it before I built a NAS, but with this I just want to be sure I’m doing it right.

I can pay you. Not heaps but hopefully enough for 20-30 minutes of your time. Not trying to rip anyone off here haha

Thanks for all your continued advice on this

  • Postmortal_Pop@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 hour ago

    Hey if you don’t get it sorted, hit me up, I’m in the Chicago timezone and I can give you my docker file and walk you through how I did exactly the same thing you’re looking for.

  • melroy@kbin.melroy.org
    link
    fedilink
    arrow-up
    3
    ·
    7 hours ago

    I have the same request but for vlans in my house. I do have supported hardware. But I just still don’t get vlans working

    • ampersandrew@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      7 hours ago

      I don’t suppose your issue looks anything like my thread from this past weekend in this here community? And as a reminder, tagged ports face networking hardware, while untagged ports face end devices.

      • melroy@kbin.melroy.org
        link
        fedilink
        arrow-up
        2
        ·
        5 hours ago

        And what if I have a router (like your thread, OPNsense), top-of-rack switch (10G ports) and an access-switch (1/2.5G ports). And then the ports that face end-devices are either on the access switch (that makes sense right) as well as top-level rack switch has connections towards my server machines in my rack.

        So its bit more hardware then you initially though, and all devices technically support vlans. SO basically I had two questions in one:

        1. What would be the best VLAN setup for my needs (I expect here some follow-up questions, back and forth)
        2. How can I configurable the VLANs correctly across my various switches, such that it actually works… So I don’t accidentally lock myself out again and needed a SW reset (lol).
  • SpacePirate@feddit.nu
    link
    fedilink
    English
    arrow-up
    15
    arrow-down
    1
    ·
    12 hours ago

    Hey! I sent you a DM about it I was thinking we could have a call on MullvadVPNs jitsi aka https://meet.mulvad.net/ where others could join! If we can find a time that works for both of us we could send it here so others who are interested can join!

  • artyom@piefed.social
    link
    fedilink
    English
    arrow-up
    32
    arrow-down
    1
    ·
    15 hours ago

    It’s a huge problem that so many people act like it’s super easy and simple. It’s incredibly complicated to someone who is not a networking professional.

    • pmk@piefed.ca
      link
      fedilink
      English
      arrow-up
      10
      ·
      9 hours ago

      This has been my experience with self-hosting too. There are so many different areas of concepts that need to form a cohesive whole. Following a how-to and pasting some commands can lead to something running, but then there are worlds of knowledge to actually understand it. Especially when complexity seems to increase exponentially.
      Funny thing is that for every low-level concept I actually learn, the more I appreciate my OpenBSD computer that I mostly play around with otherwise.

  • pcouy@lemmy.pierre-couy.fr
    link
    fedilink
    English
    arrow-up
    8
    ·
    13 hours ago

    I’m in France timezone so hopefully we can find a time of the day that works for both of us, but feel free to DM me here or on Matrix (@pcouy:matrix.pierre-couy.fr)

  • MuttMutt@lemmy.world
    link
    fedilink
    English
    arrow-up
    24
    ·
    16 hours ago

    What are you using as a router? How are you you trying to setup a reverse proxy?

    I will be honest, I would do it for free. Money is nice but helping people is more important to me than that. However my understanding is with OpnSense and using Caddy for reverse proxy with the ACME client for Let’s Encrypt certificates. Beyond that I am outside of my element.

    • philanthropicoctopus@thelemmy.clubOP
      link
      fedilink
      English
      arrow-up
      7
      ·
      16 hours ago

      Hey

      That’s very kind of you but it’d be nice to give you something.

      What I’ve got installed in NPM, cloudflared and authentik. Just trying to figure out how to use all three or at least 2 to get my apps on the domain. Ive been able to get things moving in the cloudflare dash but I’m aware I don’t know alot about what on doing

      • node815@lemmy.world
        link
        fedilink
        English
        arrow-up
        5
        ·
        15 hours ago

        If you are using Authentik, it will work good, but may be uneccessary if all you want is secure authentication, this is becuase Cloudflare does a “Zero Trust” model in which only approved email addresses, would be able to acess your site which you have to manually approve, otherwise, they get hit with the Cloudflare wall. This is completely free and voluntary!

        In terms of Cloudflare, I assume that you have your domain all set up with the DNS servers pointed to Cloudflare from your domain registrar. This is probably the hardest part of it all. Then, it’s just a matter of setting up your redirection to your server. I used to use them but haven’t been in it for about a year now for my domains. They are a good company and will certainly help with your site’s security.

        Nginx Proxy Manager is like the reception desk for all traffic, when WWW comes in and asks for site.example.com NPM sees that and matches it up with the IP address/port of your server and sends it on it’s merry way. If you are using Cloudflare Tunnels, and after you install their tunnel adaptor, you can skip NPM and just point to the IP and internal port on your server. Pretty straight forward in that area. They have great documentation on how to do this to get you started.

        Basically, if you use Cloudflare tunnels, you can skip NPM and free up some resources if you want as it will be redundant. So, then Authentik comes in and can act as a traffic cop and protect all types of pages, ones with log in and those without.

  • ampersandrew@lemmy.world
    link
    fedilink
    English
    arrow-up
    7
    ·
    15 hours ago

    Oof, I feel you OP. I started down this road back in February, and I thought I’d be set up by now, but I’m still learning some of the pieces for a project that’s almost exactly the same as yours. If it’s any consolation, I have made a ton of progress. The hardest part can often be when you’ve chosen the pieces you want to use for your project, and then a kind stranger who means well adds extra complexity above and beyond what you want or need on top of their suggestion.