Hi, I moved this year to another city. Because my internet provider didn’t give me a dedicated IPv4 address, I can’t use a DynDNS service like DuckDNS. Another thing to mention is that I have a DS-Lite tunnel. So I can’t set up DynDNS…

So my recent setup is a TrueNAS server sitting under my desk. This is connected via cloudflared to the Cloudflare tunnel. There I have my services like Seafile or Nextcloud configured. They are all pointing to a Traefik instance that routes the traffic to the right container.

So to summarize what I have:

  • TrueNAS server
    • multiple services
  • DS-Lite tunnel
  • own domain
  • Cloudflare tunnel
  • v-server
    • nginx
    • Docker

To visualize the route the traffic takes:

Internet - Cloudflare tunnel - cloudflared docker - Traefik docker - service (Nextcloud) docker

So I want to set up something on my v-server that routes the traffic to my home server (TrueNAS):

Internet - DNS (Cloudflare) - v-server - (magic docker service on TrueNAS) - Traefik docker - service (Nextcloud) docker

Does someone have an idea how to solve this?

  • cron@feddit.de · 4 upvotes · 8 months ago

    My suggestion would be to set up a VPN service on your publicly available v-server. The most suggested solution is WireGuard.

    Then you can connect your TrueNAS to that VPN and make it accessible, maybe via nginx.

    The traffic flow would be:

    nginx on v-server --(wireguard)--> traefik --> Nextcloud
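
The path sketched above, worked into concrete configuration as an added example (not from the thread or from any of the posters): a WireGuard pair in which only the home side dials out, and an nginx `stream` block on the v-server that forwards TCP 443 into the tunnel. The tunnel addresses (10.66.0.0/24), the UDP port, the 203.0.113.10 public IP and the `<..._KEY>` strings are placeholders, and the script assumes Traefik publishes its port 443 on the TrueNAS host where wg0 lives.

```shell
#!/bin/sh
# Added example (not from the thread): renders the three config files behind the
# path  nginx on VPS --(WireGuard)--> Traefik on TrueNAS --> Nextcloud.
# Keys, tunnel addresses, port and public IP are placeholders/assumptions;
# generate real keys with `wg genkey | tee private.key | wg pubkey` on each host.
set -eu

VPS_PUBLIC_IP="${VPS_PUBLIC_IP:-203.0.113.10}"   # placeholder (TEST-NET-3 range)
WG_PORT="${WG_PORT:-51820}"
VPS_TUNNEL_IP="10.66.0.1"                         # assumed tunnel addresses
HOME_TUNNEL_IP="10.66.0.2"
TRAEFIK_PORT="${TRAEFIK_PORT:-443}"               # assumed: Traefik's 443 is published on the TrueNAS host
VPS_PRIVATE_KEY="${VPS_PRIVATE_KEY:-<VPS_PRIVATE_KEY>}"     # placeholders
VPS_PUBLIC_KEY="${VPS_PUBLIC_KEY:-<VPS_PUBLIC_KEY>}"
HOME_PRIVATE_KEY="${HOME_PRIVATE_KEY:-<HOME_PRIVATE_KEY>}"
HOME_PUBLIC_KEY="${HOME_PUBLIC_KEY:-<HOME_PUBLIC_KEY>}"

# VPS side: listens on a public UDP port and accepts exactly one peer. The /32 in
# AllowedIPs means nothing but the TrueNAS tunnel address is ever routed to it.
render_vps_wg_conf() {
  cat <<EOF
[Interface]
Address = ${VPS_TUNNEL_IP}/24
ListenPort = ${WG_PORT}
PrivateKey = ${VPS_PRIVATE_KEY}

[Peer]
# TrueNAS behind DS-Lite: no Endpoint, it is never reachable inbound
PublicKey = ${HOME_PUBLIC_KEY}
AllowedIPs = ${HOME_TUNNEL_IP}/32
EOF
}

# Home side: it must open the tunnel (the only direction that works behind DS-Lite)
# and keep the NAT mapping alive so the VPS can push connections down it later.
render_home_wg_conf() {
  cat <<EOF
[Interface]
Address = ${HOME_TUNNEL_IP}/24
PrivateKey = ${HOME_PRIVATE_KEY}

[Peer]
PublicKey = ${VPS_PUBLIC_KEY}
Endpoint = ${VPS_PUBLIC_IP}:${WG_PORT}
# Only the VPS tunnel address goes through wg0; LAN and internet traffic stay local
AllowedIPs = ${VPS_TUNNEL_IP}/32
PersistentKeepalive = 25
EOF
}

# nginx stream block for the VPS: plain TCP passthrough, so TLS is still terminated
# by Traefik at home and the VPS never holds certificates or sees plaintext.
render_nginx_stream_conf() {
  cat <<EOF
stream {
    upstream traefik_home {
        server ${HOME_TUNNEL_IP}:${TRAEFIK_PORT};
    }
    server {
        listen 443;
        proxy_pass traefik_home;
        # proxy_protocol on;   # only if Traefik's entrypoint is configured for PROXY protocol
    }
}
EOF
}

# Sanity check before deploying: each side's AllowedIPs must name the other end,
# and the home side needs the keepalive or VPS-initiated traffic silently dies
# once the provider's NAT mapping expires.
check_configs() {
  render_vps_wg_conf  | grep -q "AllowedIPs = ${HOME_TUNNEL_IP}/32" || return 1
  render_home_wg_conf | grep -q "AllowedIPs = ${VPS_TUNNEL_IP}/32"  || return 1
  render_home_wg_conf | grep -q "PersistentKeepalive = 25"          || return 1
}

# Writes the files into a scratch directory; copy them into place by hand.
write_configs() {
  out="${1:-./wg-example}"
  mkdir -p "$out"
  render_vps_wg_conf       > "$out/vps-wg0.conf"
  render_home_wg_conf      > "$out/home-wg0.conf"
  render_nginx_stream_conf > "$out/vps-nginx-stream.conf"
  echo "$out"
}

if [ "${1:-}" = "write" ]; then
  check_configs && write_configs "${2:-./wg-example}"
fi
```

Run it as `sh wg-example.sh write /tmp/wg` to get the three files, put the two `wg0.conf` files under /etc/wireguard on their respective hosts, and include the stream file from nginx.conf at top level (a `stream {}` block cannot sit inside `http {}`). Because the home peer lists only 10.66.0.1/32, the tunnel carries nothing but the nginx-originated connections and their replies; the rest of the TrueNAS traffic is untouched.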
    
    • Dave811@lemmy.today (OP) · 0 upvotes · 8 months ago

      That’s a good point. But that’s also the point where my tinkering won’t help me… Do you have a writeup or a YT video where nginx points to the WireGuard VPN? Another question: if I set up the WireGuard tunnel, how can I just route the traffic from Traefik?

      • cron@feddit.de · 3 upvotes · 8 months ago

        I found this writeup and it looks correct, but I have not tested it.

        The author posted a nice graphic that shows the idea:

        • lemmyvore@feddit.nl · 0 upvotes, 1 downvote · 8 months ago

          I’m not sure I understand why they need two Caddy servers. The first one should be a simple port forward, no need for a proxy forward. Unless they want to do something with the connections at application level, but it sounds like they simply forward them as-is.

          • cron@feddit.de · 1 upvote · 8 months ago

            You need two Caddy servers if there are other websites on the v-server that will use port 80/443. If not, port forwarding (e.g. with iptables) will work.
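
For the port-forwarding variant mentioned above, an added example (not from the thread) that renders the iptables rules the v-server would need to push ports 80 and 443 straight into a WireGuard tunnel. The interface names `eth0` and `wg0`, the tunnel address 10.66.0.2 and the port list are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): kernel-level port forwarding on the VPS,
# the alternative to a second reverse proxy when nothing else on the VPS needs
# ports 80/443. Interface names, tunnel address and ports are assumptions.
set -eu

WAN_IF="${WAN_IF:-eth0}"                        # VPS public interface (assumed name)
WG_IF="${WG_IF:-wg0}"                           # WireGuard interface on the VPS
HOME_TUNNEL_IP="${HOME_TUNNEL_IP:-10.66.0.2}"   # TrueNAS end of the tunnel
PORTS="${PORTS:-80 443}"

# Emit the commands instead of running them, so the rule set can be reviewed
# (and compared with `iptables-save`) before it touches a live host.
render_forward_rules() {
  echo "sysctl -w net.ipv4.ip_forward=1"
  for p in $PORTS; do
    # Rewrite the destination of inbound connections to the home end of the tunnel
    echo "iptables -t nat -A PREROUTING -i ${WAN_IF} -p tcp --dport ${p} -j DNAT --to-destination ${HOME_TUNNEL_IP}:${p}"
    # Allow only those forwarded ports across the tunnel (FORWARD policy assumed DROP)
    echo "iptables -A FORWARD -i ${WAN_IF} -o ${WG_IF} -p tcp -d ${HOME_TUNNEL_IP} --dport ${p} -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
  done
  echo "iptables -A FORWARD -i ${WG_IF} -o ${WAN_IF} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  # MASQUERADE makes replies return via the VPS with no routing changes at home;
  # the cost is that Traefik logs the VPS tunnel address instead of the real client.
  echo "iptables -t nat -A POSTROUTING -o ${WG_IF} -d ${HOME_TUNNEL_IP} -j MASQUERADE"
}

# Number of DNAT rules, one per forwarded port
count_dnat_rules() {
  render_forward_rules | grep -c -- '-j DNAT'
}

# The two omissions that leave forwarded connections hanging: ip_forward left
# off, or no POSTROUTING rule, so replies leave TrueNAS towards an address it
# has no tunnel route for.
check_rules() {
  rules=$(render_forward_rules)
  echo "$rules" | grep -q 'net.ipv4.ip_forward=1' || return 1
  echo "$rules" | grep -q -- '-j MASQUERADE'      || return 1
}

case "${1:-}" in
  show)  render_forward_rules ;;
  apply) check_rules && render_forward_rules | sh ;;   # run as root, after reviewing `show`
  *)     ;;
esac
```

The MASQUERADE rule is the trade-off to understand: without it the TrueNAS side would have to route replies to arbitrary internet addresses back through wg0 (AllowedIPs = 0.0.0.0/0 plus policy routing), whereas with it every forwarded connection appears to come from the VPS tunnel address, so Traefik’s access logs and any IP-based rate limiting or allowlists no longer see the real client. If that matters, a layer-7 proxy that sets X-Forwarded-For, or a stream proxy with PROXY protocol, is the better choice.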

  • lemmyvore@feddit.nl · 3 upvotes · edited · 8 months ago

    Install Tailscale (1) on the VPS and (2) in a Docker container on TrueNAS. The Tailscale container #2 will replace the cloudflared container. Set the Tailscale #2 node as a subnet router exposing the Traefik container’s netmask (you probably already know how to get networking going between two Docker containers).

    What you’ll end up with:

    Internet -> DNS (your domain) -> VPS public IP (Tailscale node #1 ===> Tailscale node #2 in Docker on TrueNAS) -> Traefik -> web apps on your TrueNAS

    Tailscale is not bandwidth-limited like Cloudflare because the nodes only use Tailscale’s servers for the initial rendezvous (to get out of NAT), then you will use the direct bandwidth between the VPS and your home connection.

    You will also be able to use other DNS services if you want, because you won’t be forced to use Cloudflare’s anymore.
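
The subnet-router layout described above as an added example (not from the thread or from the poster): a Compose service for Tailscale node #2 on TrueNAS that advertises the Docker network Traefik sits on, guarded by a check that the advertised range is private, plus the one command node #1 on the VPS needs. The 172.20.0.0/24 network, its Docker name `traefik_net`, the hostname and the auth key value are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): the Tailscale subnet-router layout,
# Tailscale node #2 in Docker on TrueNAS replacing cloudflared. The Docker
# network CIDR, network name, hostname and auth key are assumptions.
set -eu

TRAEFIK_NET="${TRAEFIK_NET:-172.20.0.0/24}"            # assumed Docker network Traefik is attached to
TRAEFIK_DOCKER_NET_NAME="${TRAEFIK_DOCKER_NET_NAME:-traefik_net}"
TS_AUTHKEY="${TS_AUTHKEY:-tskey-auth-PLACEHOLDER}"    # placeholder; create one in the admin console

# Only RFC 1918 space should ever be advertised from home. Anything else is
# almost certainly a typo and would drag unrelated traffic into the tunnel.
is_private_cidr() {
  case "$1" in
    10.*/*)                                        return 0 ;;
    192.168.*/*)                                   return 0 ;;
    172.1[6-9].*/*|172.2[0-9].*/*|172.3[01].*/*)   return 0 ;;
    *)                                             return 1 ;;
  esac
}

# Compose service for node #2. NET_ADMIN plus /dev/net/tun gives kernel-mode
# networking (TS_USERSPACE=false); TS_ROUTES is the environment form of
# `tailscale up --advertise-routes`. The route still has to be approved once
# in the Tailscale admin console before node #1 can use it.
render_truenas_compose() {
  is_private_cidr "$TRAEFIK_NET" || { echo "refusing to advertise ${TRAEFIK_NET}" >&2; return 1; }
  cat <<EOF
services:
  tailscale:
    image: tailscale/tailscale:latest
    hostname: truenas-router
    environment:
      - TS_AUTHKEY=${TS_AUTHKEY}
      - TS_ROUTES=${TRAEFIK_NET}
      - TS_USERSPACE=false
      - TS_STATE_DIR=/var/lib/tailscale
    volumes:
      - ./tailscale-state:/var/lib/tailscale
      - /dev/net/tun:/dev/net/tun
    cap_add:
      - NET_ADMIN
    networks:
      - ${TRAEFIK_DOCKER_NET_NAME}
    restart: unless-stopped
networks:
  ${TRAEFIK_DOCKER_NET_NAME}:
    external: true
EOF
}

# Node #1 (the VPS) only has to accept the advertised route; afterwards the
# Traefik container's address inside TRAEFIK_NET is reachable from the VPS and
# nginx or a port forward can point straight at it on port 443.
render_vps_command() {
  echo "tailscale up --accept-routes"
}

case "${1:-}" in
  compose) render_truenas_compose ;;
  vps)     render_vps_command ;;
  *)       ;;
esac
```

The route has to be approved in the Tailscale admin console (or pre-approved through an auto-approver in the ACL policy) before `--accept-routes` on the VPS has any effect; after that the Traefik container is reachable from the VPS by its Docker address and nginx or iptables can forward 443 to it, with TLS still terminated at home.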

    • 7Sea_Sailor@lemmy.dbzer0.com · 1 upvote · 8 months ago

      This actually sounds insanely cool. Without having looked at their documentation, can you make a rough statement about the required hardware power for the VPS, especially if traffic may include bandwidth-heavy stuff like movie streaming or large data up/downloads?

      • lemmyvore@feddit.nl · 2 upvotes · 8 months ago

        In that case you should probably give up using your own domain and take the one from Tailscale because they would intermediate direct connections whenever possible.

        The main limitation on the VPS would be bandwidth as well as total transfer, not so much processing power, because they’d just be moving stuff through. They all come with limits.

  • Decronym@lemmy.decronym.xyz (bot) · 2 upvotes · edited · 8 months ago

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

    Fewer letters  More letters
    CF             CloudFlare
    CGNAT          Carrier-Grade NAT
    DNS            Domain Name Service/System
    HTTP           Hypertext Transfer Protocol, the Web
    IP             Internet Protocol
    NAT            Network Address Translation
    SSH            Secure Shell for remote terminal access
    VPN            Virtual Private Network
    VPS            Virtual Private Server (opposed to shared hosting)
    nginx          Popular HTTP server

    10 acronyms in this thread; the most compressed thread commented on today has 8 acronyms.

    [Thread #238 for this sub, first seen 24th Oct 2023, 16:55]

  • tvcvt@lemmy.ml · 1 upvote · 8 months ago

    Besides the great suggestions others have given, the OpenZiti project (openziti.io) looks interesting, though I haven’t found the need or time to try it out.

  • Apollo2323@lemmy.dbzer0.com · 0 upvotes · 8 months ago

    This question is not related to the question you asked, but where did you learn to configure Traefik? When I tried it out I didn’t understand how to route traffic through it.

    • Dave811@lemmy.today (OP) · 1 upvote · 8 months ago

      The problem is with Nextcloud on my end. Some files just can’t get synced and bigger files won’t even go through. Perhaps something is misconfigured, but I think I read something that Cloudflare tunnels only support x GB of traffic at once.

  • Responsabilidade@lemmy.eco.br · 0 upvotes, 1 downvote · 8 months ago

    The easiest way I found to pass through a CGNAT is using a VPN.

    I suggest using Tailscale, because it does some tricks to bypass CGNAT and you can access your TrueNAS server.