I have Plex, Radarr, Sonarr, Overseerr etc running in Docker containers, but have never found a good guide on how to access these (safely) from outside. I resort to connecting to a server running VNC. I’ve tried nginx but didn’t understand it, also tried Cloudflare (ditto). Is there a good, easy to understand guide on how to do this?

  • Wander@yiffit.net
    link
    fedilink
    English
    arrow-up
    7
    ·
    2 years ago

    The best way is to have a small server with wireguard installed, which is a VPN. This runs on virtually anything, including a raspberry pi or even a router with open-wrt.

    Anyways, your wireguard server will only accept connections from devices that have its certificate (secure passwordless authentication).

    Once you’re connected to that VPN, it’s effectively as being in your home network.

    You might want to Google for guides on how to setup wireguard on a raspberry pi. Even if you don’t have a PI you’ll surely find the tutorial you need.

  • FreebooterAmazing@lemmy.world
    link
    fedilink
    English
    arrow-up
    6
    ·
    2 years ago

    Look at Tailscale docker mod. Adds tailscale inside each arr container and treats them each like a tailscale machine, so on app level you can choose if you expose only in your tailnet or expose to internet.

  • root@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    2 years ago

    The safest (but not as convenient) way is to run a VPN, so that the services are only exposed to the VPN interface and not the whole world.

    In pfsense I specify which services my OpenVPN connections can access (just an internal facing NGINX for the most part) and then I can just go to jellyfin.homelab, etc when connected.

    Not as smooth as just having NGINX outward facing, but gives me piece of mind knowing my network is locked down

  • SheeEttin@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    2 years ago

    You’ve been given a the usual variety of suggestions, but I suggest also gaining an understanding of networking principles, including RFC 1918 addressing and NAT.

  • freeskier@centennialstate.social
    link
    fedilink
    English
    arrow-up
    2
    ·
    2 years ago

    Assuming you don’t want to expose these services directly to the internet (I don’t recommend it) then you want to set up a VPN to connect back to your home network. Wireguard or OpenVPN are the most commonly used. As far as guides that will depend where/how you want to run it.

  • Veraticus@lib.lgbt
    link
    fedilink
    English
    arrow-up
    2
    arrow-down
    1
    ·
    2 years ago

    You’re probably looking for Tailscale. Simple to use, free plan, extensible and powerful.

    • Pivot Wizard@feddit.uk
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      2 years ago

      In addition to the server and desktop clients, there are mobile apps for both Android and iOS.

      Can be used to connect offsite server for backups or hosting but seen as part of your local network. No need for open ports on your home router.

      Easy way to access you Plex server when away from home.

  • Smash
    link
    fedilink
    English
    arrow-up
    1
    ·
    2 years ago

    You could have a look at NginxProxyManager

  • ramblechat@lemmy.worldOP
    link
    fedilink
    English
    arrow-up
    1
    ·
    2 years ago

    Thanks for all the suggestions - I think Tailscale is the way to go, it didn’t take me long to set up and there is a client for all my devices.

  • FreebooterAmazing@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    1
    ·
    2 years ago

    Look at Tailscale docker mod. Adds tailscale inside each arr container and treats them each like a tailscale machine, so on app level you can choose if you expose only in your tailnet or expose to internet.

  • Phloating Man@monero.town
    link
    fedilink
    English
    arrow-up
    0
    ·
    2 years ago

    Another option that might work for you is zerotier.

    And you can use sunshine/moonlight to remotely control it.

    • ozillator@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      2 years ago

      This is my favorite method. It doesn’t require you to open any ports and minimizes your potential attack surface. You can either install zerotier on each host you want remote access to, or run an instance of zerotier in bridge mode which is essentially acting as a VPN.

  • topnomi@kbin.social
    link
    fedilink
    arrow-up
    0
    arrow-down
    1
    ·
    2 years ago

    I use caddy. Previously used traefik, but it’s more complicated than I needed.

    Caddy can be set to use a single file with all your hosted subdomain listed.

  • FreebooterAmazing@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    arrow-down
    1
    ·
    2 years ago

    Look at Tailscale docker mod. Adds tailscale inside each arr container and treats them each like a tailscale machine, so on app level you can choose if you expose only in your tailnet or expose to internet.