this post was submitted on 22 Apr 2024
17 points (87.0% liked)

Selfhosted


A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.


I've spent too many hours googling this stuff without a solution in sight that I'm able to understand.

I am moderately new to selfhosting, especially the networking aspect. To put it simply, all I want is to be able to access my services through Tailscale by using subdomain.mydomain.com.

I have gotten so far to point my domain to my Tailscale IP (using Cloudflare's DNS), so that I don't have to copy paste the Tailscale IP, but that means I still have to type in the ports to the services. Between the posts saying Tailscale can handle this, to the ones saying Synology can do it, and the remaining posts saying to use a reverse proxy (and the ones saying reverse proxy are a bad idea because of Synology stuff) I am now very lost. The terminology is exhausting and everyone is already so knowledgeable that they skip the basic steps and go straight to complex, short answers.

I'd like to keep using Tailscale, as I don't want to deal with security issues and SSL certificates and all that, and if possible I'd like to avoid using a reverse proxy such as npm or Caddy if there's a built in Tailscale/Synology solution that works.

To me more services just means more stuff that can break, and I really just want this stuff to work without fiddling with it.

Thanks for any help you can provide

[–] [email protected] 5 points 8 months ago* (last edited 8 months ago) (1 children)

Wow the responses here are really off at the moment. I'm going to try and help.

So, what you're going to want to do is add all the subdomain A records you need to your DNS (sounds like you're using Cloudflare for that, not required, but that should be fine).

Those DNS records are all going to be the same IP record, that's fine.

What you need to do after that, so that you don't have to enter ports, is a bit more complicated. For web servers, some kind of reverse proxy like nginx, haproxy, apache, etc. is what you need. The term you're looking for is "virtual host".

A virtual host setup is basically one where a reverse proxy looks at the domain name that was used to access the server over HTTP and then uses that to decide which server running on the machine you actually talk to.

It's HTTP that actually is passing along the domain name you used, so if the service isn't HTTP you may or may not be able to do anything depending on the underlying protocol.

So to recap:

  1. Set up your DNS records
  2. Set up an HTTP reverse proxy
  3. Add virtual hosts for each service you added a DNS record for to the reverse proxy (so that the reverse proxy can turn foo.example.com into example.com:xyz -- localhost:xyz in practice, morally example.com:xyz though -- behind the scenes)
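To make the "virtual host" idea above concrete, here is a small name-based HTTP reverse proxy written as an added example for this thread; it is not code from the comment author or from any of the proxies named (nginx, haproxy, apache, Caddy). It reads the Host header, looks the bare name up in a virtual-host table (the names foo.example.com / bar.example.com and the backend ports 8081 / 8082 are constructed placeholders), and forwards the request to the matching local service. The one design choice worth copying into a real proxy config is the default: a request whose Host does not match any declared virtual host (a raw IP, a typo, a name you never set up) gets a 421 instead of being quietly handed to whichever backend happens to be listed first.

```python
import http.client
import http.server

# Hypothetical virtual-host table (constructed for this example): bare host name -> backend.
# In a real deployment this is the list of server_name / host blocks in your proxy config.
VHOSTS = {
    "foo.example.com": ("127.0.0.1", 8081),
    "bar.example.com": ("127.0.0.1", 8082),
}


def normalize_host(host_header):
    """Reduce a Host header to the bare, lower-cased name.

    Strips an explicit ":port" and handles a bracketed IPv6 literal ("[::1]:8080"),
    so the lookup is on the same thing DNS resolved, not on how the client typed it.
    """
    if host_header is None:
        return None
    host = host_header.strip().lower()
    if host.startswith("["):
        end = host.find("]")
        return host[1:end] if end != -1 else None
    return host.split(":", 1)[0] or None


def route(host_header, vhosts=VHOSTS):
    """Return (backend_host, backend_port) for the request's Host header, or None.

    None (rather than a "first" or default backend) is deliberate: a name you did not
    declare should not reach any service behind the proxy.
    """
    host = normalize_host(host_header)
    if not host:
        return None
    return vhosts.get(host)


class VHostProxy(http.server.BaseHTTPRequestHandler):
    """Forward each request to the backend chosen by route()."""

    def _proxy(self):
        backend = route(self.headers.get("Host"))
        if backend is None:
            # No virtual host for this name: refuse instead of guessing.
            self.send_error(421, "Misdirected Request")
            return
        length = int(self.headers.get("Content-Length") or 0)
        body = self.rfile.read(length) if length else None
        conn = http.client.HTTPConnection(*backend, timeout=10)
        try:
            conn.request(self.command, self.path, body=body, headers=dict(self.headers))
            resp = conn.getresponse()
            payload = resp.read()
            self.send_response(resp.status, resp.reason)
            for name, value in resp.getheaders():
                # Hop-by-hop headers describe the backend connection, not ours.
                if name.lower() not in ("transfer-encoding", "connection", "keep-alive"):
                    self.send_header(name, value)
            self.end_headers()
            self.wfile.write(payload)
        except OSError as exc:
            self.send_error(502, f"backend unreachable: {exc}")
        finally:
            conn.close()

    do_GET = do_POST = do_PUT = do_DELETE = do_PATCH = do_HEAD = _proxy


def serve(bind="127.0.0.1", port=8080):
    """Run the proxy. For a Tailscale-only setup, bind to the node's Tailscale address
    (the 100.x.y.z one) rather than 0.0.0.0 so nothing else on the LAN can reach it."""
    with http.server.ThreadingHTTPServer((bind, port), VHostProxy) as srv:
        srv.serve_forever()


if __name__ == "__main__":
    serve()
```

With the DNS records from step 1 all pointing at the proxy machine, `curl -H 'Host: foo.example.com' http://127.0.0.1:8080/` lands on port 8081 and `bar.example.com` on 8082; a request with no matching Host (for example `curl http://127.0.0.1:8080/`) gets the 421. The same behaviour in nginx is one `server` block per `server_name` plus a catch-all `default_server` that returns an error.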
[–] [email protected] 1 points 8 months ago (1 children)

If they’re all resolving to the same IP and using a reverse proxy for name-based routing, there’s no need for multiple A records. A single wildcard should suffice.

[–] [email protected] 1 points 8 months ago (1 children)

I've never used wildcard DNS, I'm not even sure that Namecheap DNS supports wildcard. But I've also never been in a situation where there's a dominant single machine I want my DNS to resolve to.

After searching ... I'm not entirely sure I would use wildcard DNS https://serverfault.com/a/483625

My preferred strategy is actually alias records and then one primary address record the alias records point to so if I change IPs I can move the machine. I forgot about that last night.

[–] [email protected] 2 points 8 months ago (1 children)

I don’t think I’ve ever come across a DNS provider that blocks wildcards.

I’ve been using wildcard DNS and certificates to accompany them both at home and professionally in large-scale services (think hundreds to thousands of applications) for many years without an issue.

The problem described in that forum is real (and in fact is pretty much how the recent attack on Fritz!Box users works) but in practice I’ve never seen it being an issue in a service VM or container. A very easy way to avoid it completely is to just not declare your host domain the same as the one in DNS.

[–] [email protected] 1 points 8 months ago

Interesting; well, it's good info/good to know it exists ... though I'm probably going to stick to explicit listing. I like to be able to look at my DNS records and know what connects to what.