I have an openwrt router at home which also acts as my home server. It’s running a bunch of services using docker (Jellyfin, Nextcloud, etc.)
I have set up an SSH tunnel between my openwrt router and VPS and can access jellyfin successfully.
I understand that I need to set up a reverse proxy to access multiple services and have https.
But I’m confused if I should set up this reverse proxy on the VPS or on the router itself. Is nginx the easiest option? Should i add subdomains in cloudflare for every service?
Pease don’t recommend vpns since they are all blocked where i live (wireguard, tailscale openVPN, etc.) I’m limited to using ssh tunneling only.
Thanks
Firstly…why are you routing your home stuff through a VPS? I’m confused on what is happening here.
If you just want to access your things remotely, setup a VPN server on the router, and connect to it that way. You also dont need a reverse proxy or SSL if you’re already accessing things over a secured connection. Where did you get this info from?
How can something like Tailscale be blocked?
Unfortunately, Deep Packet Inspection does this as Tailscale/Wireguard does not encrypt trafficMy bad, it encrypts traffic, but I mean easily readable signature
Wireguard, like all VPNs, definitely does E2E encryption. What would be the point of an unencrypted VPN?
https://www.wireguard.com/protocol/
Looks like wireguard encrypts traffic to me.
It’s easily detected by firewalls in China and Iran.
Interesting, because Tailacale doesn’t use any special ports. How would that be detected? And could you maybe use Headscale on a dynamic port to circumvent that?
Wireguard is blocked at protocol level no matter which port you use. Tailsclale uses wireguard. Haven’t tried headscale yet.
If you are new i recommend “Caddy V2”
It is by far the easiest.
Wait with Nginx until you’re better. (and even then, use linuxserverio/swag instead of nginx)
As someone who used caddy over years, I can’t completely agree.
Caddy has some downsides (nextcloud needs special setup for example) and not everyone is familiar with writing a Caddyfile. (Json)
For someone new I would recommend “nginx proxy manager”. Easy to install with docker and self explained through GUI.
i actually think NPM is more confusing. 1: there are practically always already finished Files for Caddy V2. Most of the times directly in the Repo of the Project. A lot of Devs use Caddy themselves. 2: NPM exposes a lot of Options additionally. This can confuse newcomers. With Caddy, all these extra options are invisible. you just write and see “reverse_proxy jellyfin” and that’s it.