I spent all day today trying to get the routing to work correctly between Tailscale, Nginx and Adguard.

Basically I wanted to be able to be able to use **http://immich.network ** to route to 192.168.1.2:9000

I wanted to share the steps I took so people don’t have to go through what I did.

First a few things Local Server IP: 192.168.1.2

  1. I installed Ngnix and Adguard, in a Docker Containers, and gave Adguard IPs 3000, 3001 instead of 80 and 443 because Ngnix took it.
  2. I went to my router and made it use the DNS: 192.168.1.2
  3. I configured Proxy Host in Ngnix … immich.network => 192.168.1.2:9000
  4. I configured DNS rewrite in Adguard … *.network => 192.168.1.2

At this point I was able to use http://immich.network finally. I installed Tailscale to be able to access when I’m outside but http://immich.network didn’t work.

These helped me https://tailscale.com/kb/1019/subnets + https://tailscale.com/kb/1054/dns?q=global+nameserver

  1. I created a subnet… tailscale up --advertise-routes=192.168.1.0/24
  2. I approved it on Tailscale login

At this point I was able to access home server using its local IP 192.168.1.2 but I couldn’t get http://immich.network to work.

  1. I created a nameserver dns with split DNS but I used my local ip… 192.168.1.2 => network

Finally everything is working… I have a feeling that I’m doing it wrong but I’m too tired and it’s finally working.

  • N0x0n
    link
    fedilink
    English
    arrow-up
    13
    ·
    8 months ago

    Congrats !!!

    Only one day? Lucky you ! It took me a whole week to get it to work with self-signed ssl certificate behind Traefik + docker + Adguardhome.

    Adguard home rewrites and the correct certificate configuration solved most of my isues (android can be picky with self-signed root certificates). But I learned ALOT through the whole week, so I didn’t waste my time :).

    I hope you too learned alot :) but if I may, I would switch from AdguardHome to Pi-hole.

    I know… AdguardHomes functionalities and UI are awesome and overpass Pi-Holes’ but since I saw they add some strange trackers and very sketchy DNS request in their AdguardVPN android application, I don’t trust them anymore !

    • lemmyreader
      link
      fedilink
      English
      arrow-up
      5
      ·
      8 months ago

      I hope you too learned alot :) but if I may, I would switch from AdguardHome to Pi-hole.

      +1

      • pi-hole rocks! :)
      • N0x0n
        link
        fedilink
        English
        arrow-up
        3
        ·
        8 months ago

        It does !! I really like it and was easy peasy to make the switch. But I have to admit, AdguardHome’s UI and DNS logs are way more detailed and I’m missing a few features I used with AGH. But nothing to critical that makes pi-hole unusable in my workflow !

        But yeah, they do not have the same budget… That’s a good tradeoff i’m willing to take for my privacy :).

        And one day, when I get a job I will surely donate to them.

    • Mir@programming.devOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      8 months ago

      I just finished the SSL today, but have you gotten Syncthing GUI to work though? I can’t seem to get it to work with the domain for some reason.

      • N0x0n
        link
        fedilink
        English
        arrow-up
        1
        ·
        8 months ago

        Hummm, I have a syncthing instance in a docker compose, so yeah I can access it through my ssl domain (https://syncthing.home.lab) but traefik takes care of everything.

        Now if it’s on your local machine you’re trying to use your SSL certificate I don’t know, I always access it through the local ip (127.0.0.1:8384).

        If I had to guess or give it a try, I would point the IP to my dns through my host file on my machine. But that’s just a wild guess :/

        I think syncthing has a good documentation about it :)

        • Mir@programming.devOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          8 months ago

          I can access using the local ip but I can’t access using the ssl domain, I can access it but I can’t login for some reason. I can’t figure out how to fix it

        • skittlebrau@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          8 months ago

          You could use split DNS on your router (or wherever your DNS is) so that when you visit the syncthing address on your local network, you’re being directed to traefik.

          I use a domain override in pfsense for syncthing.myhomelab.com which points to my reverse proxy’s local IP.