Wednesday, February 8, 2023

HOW TO - Share services with a custom domain, no DDNS, using Tailscale


Using Tailscale, I've set up my server such that none of my services need to be published to the web, only on a Tailscale network. I just got this working for myself and I thought others might like this. The advantages here are that you don't need to worry about SSL certificates, DDNS, or paying for a domain name. And maybe even nicer, nothing is fully exposed to the big bad internet. You don't even need any ports forwarded on your router.

I accomplished this by using the split-DNS feature of Tailscale. I currently have two Tailscale nodes running on my server; the first is the main node that gives complete access to the server while the second node is on a custom Docker network that contains the services I want to expose. In order to use the exposed services, other users will need to have a Tailscale account.

Steps to implement

1. Create a custom Docker network if you haven't already and place the services you want to expose on that network. This is the most important step. Do not do any of the following without doing it on a custom network if you intend on ever sharing these services.

2. Make a Tailscale account if you haven't already.

3. Install a Tailscale container on the custom Docker network. Again, it is extremely important this node is on the custom network.

4. Go to your Tailscale admin console and on the Machines page, copy the IP assigned to the node you just created.

5. Again on the Tailscale admin console, go to the DNS page and scroll down to the Nameservers section, click Add nameserver --> Custom. Then paste the IP of the Tailscale node you created for the nameserver IP. Toggle on "Restrict to search domain (Split DNS)" and enter whatever custom domain you want to use. Keep in mind that you can't use common domains like .com, .org, .net, etc. I used .tailscale, so my services are at service1.tailscale, service2.tailscale, etc.

6. Add a DNS server (Bind9, Pi-hole, etc.) and reverse proxy (I'm using NPM) to the custom Docker network.

7. In the Extra Parameters field for the DNS server and reverse proxy, add "--net=container:[name-of-Tailscale-container]". This makes it so that a single Tailscale node can act as the VPN connection, DNS server, and reverse proxy. It simplifies everything else and allows you to share all your services with other Tailscale users by sharing a single node.

8. In the DNS server, add records for each service that all point to the IP of the Tailscale node. This must be the IP given by Tailscale, not the IP given by unRAID.

9. In NPM (or whatever reverse proxy you're using), create a proxy host for each service you want to share. As mentioned, these will need to be service1.tailscale, service2.tailscale, etc. For the destination, input the IP and port of the service on the custom Docker network. My custom network is on subnet 172.18.0.0/24, so my services are at IP 172.18.0.1, 172.18.0.2, etc. Keep in mind that because you aren't connecting to the containers through the host IP, you do not use the host port here, you use the container port. Note, you're going to want to manually assign static IPs to your services, otherwise unRAID will change the IPs whenever it reboots or Docker restarts and everything will break.

10. Install Tailscale onto your devices and your services should be accessible at service1.tailscale and so on whenever the VPN connection is active.

11. To share with other users, they need to create a Tailscale account. You then need to share the Tailscale node you created (ensure you don't accidentally share the host node, otherwise your entire server will be exposed). They will also need to do step 5, inputting the IP of your Tailscale node and your custom domain. They can then access your services from their devices, as long as they're using Tailscale on the device.

This is by no means comprehensive as I'm no expert, but I thought some people might like the idea of being able to access their services at easy to remember domains without any of it hitting the internet. You don't have to share your services if you don't want to; this is also nice for people who might already use Tailscale and don't want to remember port numbers for everything. If anyone has questions, I can try to help, but I'm not making any promises, lol.
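The following script is an added example, not the original poster's configuration and not anything shipped by unRAID, Tailscale, Bind9 or NPM. It reproduces the "one Tailscale node is the VPN, the DNS server and the reverse proxy" layout from the steps above with plain docker commands, since unRAID's Extra Parameters field is just extra `docker run` flags. The network name `svcnet`, the container names `ts-services`, `bind9` and `npm`, the Tailscale address `100.64.0.10` and the two services are assumed placeholders; the subnet `172.18.0.0/24` and the `.tailscale` search domain are the ones used in the post. Two details a practitioner wants here: the generated zone only ever points at the Tailscale IP, never at a Docker or host address, and Bind is configured with `recursion no` so the node you share is not also an open resolver for whoever you share it with.

```shell
#!/usr/bin/env bash
# Added example (not the original poster's setup). Builds the Tailscale sidecar,
# a Bind9 split-DNS zone and NPM, all in one network namespace, on a custom
# Docker network. Assumed values: names below, TS_IP placeholder, service list.
set -euo pipefail

NET=svcnet                       # custom Docker network (assumed name)
SUBNET=172.18.0.0/24             # subnet from the post
TS_NAME=ts-services              # Tailscale sidecar container (assumed name)
TS_DOCKER_IP=172.18.0.2          # static address of the sidecar on $NET
TS_IP=100.64.0.10                # placeholder: the IP Tailscale assigns to the node
DOMAIN=tailscale                 # split-DNS search domain used in the post
CONF_DIR=${CONF_DIR:-./bind}     # where the generated Bind9 files are written

# name:container_ip:container_port; static IPs so restarts do not break records
SERVICES="service1:172.18.0.11:8080 service2:172.18.0.12:3000"

# Bind9 zone: every service record points at the Tailscale node IP, never at
# the Docker/unRAID host address (that is what keeps the host unexposed).
gen_zone() {
  local ts_ip=$1 domain=$2; shift 2
  printf '$TTL 300\n'
  printf '@ IN SOA ns.%s. admin.%s. ( 1 3600 900 604800 300 )\n' "$domain" "$domain"
  printf '@ IN NS ns.%s.\nns IN A %s\n' "$domain" "$ts_ip"
  local svc
  for svc in "$@"; do
    printf '%s IN A %s\n' "${svc%%:*}" "$ts_ip"
  done
}

# named.conf: authoritative for the split-DNS zone only, no recursion, so the
# shared node cannot be used as an open resolver by other Tailscale users.
gen_named_conf() {
  local domain=$1
  cat <<EOF
options { directory "/var/cache/bind"; recursion no; allow-query { any; }; };
zone "$domain" { type master; file "/etc/bind/db.$domain"; };
EOF
}

# docker run line for a container that joins the sidecar's network namespace
# (the post's --net=container:...). It then answers on the Tailscale IP and
# shares the sidecar's port space, so DNS (53) and NPM (80/443/81) must not
# collide with each other.
sidecar_run_cmd() {
  local name=$1 ts=$2; shift 2
  printf 'docker run -d --name %s --restart unless-stopped --net=container:%s %s' "$name" "$ts" "$*"
}

apply() {
  docker network inspect "$NET" >/dev/null 2>&1 ||
    docker network create --subnet "$SUBNET" "$NET"
  mkdir -p "$CONF_DIR"
  # shellcheck disable=SC2086  # SERVICES is intentionally word-split
  gen_zone "$TS_IP" "$DOMAIN" $SERVICES > "$CONF_DIR/db.$DOMAIN"
  gen_named_conf "$DOMAIN" > "$CONF_DIR/named.conf"
  # Tailscale node on the custom network. TS_AUTHKEY is an auth key from the
  # admin console; the state volume keeps the node identity (and its 100.x IP)
  # across restarts so the nameserver entry in the admin console stays valid.
  docker run -d --name "$TS_NAME" --restart unless-stopped \
    --network "$NET" --ip "$TS_DOCKER_IP" \
    --cap-add NET_ADMIN --device /dev/net/tun \
    -v ts-state:/var/lib/tailscale -e TS_STATE_DIR=/var/lib/tailscale \
    -e TS_AUTHKEY="${TS_AUTHKEY:?set TS_AUTHKEY from the admin console}" \
    tailscale/tailscale:latest
  local conf_abs; conf_abs=$(cd "$CONF_DIR" && pwd)
  eval "$(sidecar_run_cmd bind9 "$TS_NAME" \
    -v "$conf_abs:/etc/bind:ro" internetsystemsconsortium/bind9:9.18)"
  eval "$(sidecar_run_cmd npm "$TS_NAME" \
    -v npm-data:/data -v npm-letsencrypt:/etc/letsencrypt jc21/nginx-proxy-manager:latest)"
}

if [ "${1:-}" = apply ]; then apply; fi
```

Run it with `TS_AUTHKEY=tskey-... ./sidecar.sh apply`; without `apply` it only defines the functions, so you can `source` it and inspect `gen_zone` output before touching Docker. After it runs, step 5 above (the nameserver entry with `$TS_IP` and the search domain `tailscale`) and the NPM proxy hosts pointing at `172.18.0.11:8080` and `172.18.0.12:3000` are still done by hand in the admin console and the NPM UI. Anyone you share `ts-services` with reaches whatever that namespace can reach on `svcnet`, so keep only the services you intend to publish on that network.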