Remotely access and share your self-hosted services

Captions
Hi, I'm Alex from Tailscale, and in today's video I'm going to show you how to use Immich, a self-hosted photo backup solution, and share that with friends and family. Let's say you've just taken a big trip and you want to share all the pictures that are on your hard drive with your family that lives somewhere else. While using Tailscale and Caddy, a reverse proxy, in today's video I'm going to show you how to do just that.

All right, so who is this video for? Well, it's for those of you that already have self-hosted services running. I'm not going to cover how to set up Immich or Audiobookshelf or anything like that in this video, but what I am going to do, and there'll be chapter markers down below, is cover how to set the remote person portion up, so you could share this video with the relative or with the friend and say, "Follow these steps in this video, download Tailscale in this way, and this is how you as the remote person can actually go about getting access to the service that I am hosting." If you do need a helping hand setting up these applications, there are some links down below to some sample code for setting up Jellyfin, Audiobookshelf, as well as Immich and Caddy as well. But like I say, that isn't the focus for today's video. We're going to be focusing on Tailscale today, and specifically custom domain support. That's the key part, because you can share a lot of this stuff already just using Tailscale Serve that's built into Tailscale. What makes today's solution unique is that we're using Caddy as a reverse proxy to support a domain name that you already own, so Alex's domain.com, something like that.

And so the service that we're going to use today is Immich. This is basically a self-hosted replacement for Google Photos. Any pictures I take on my phone get automatically backed up to Immich. I can create albums, I can scan for faces, I can, you know, do all that kind of stuff that you would do on Google Photos, except for the fact the data never leaves my server and never leaves my
infrastructure.

So taking a look at what we've got over here, you can see that I've already got Immich running at immich.rdu.dotsandstuff.dev. This is a domain name that I own. I purchased it for about $13 from Namecheap. You can buy your own, again, for that sort of1 $15 price point. It's not too expensive to have your own domain name these days. Immich is currently being served through a reverse proxy called Caddy. This automatically handles all of my TLS certificates and everything like that from Let's Encrypt.

But I've never really liked the name reverse proxy. It doesn't explain very well what it does. And I thought about this the other day: when you walk into a bar, there's a bartender, right? You want to buy a drink. There's a bunch of bottles behind the bartender, you know, some whiskies, some gins, that kind of thing, and you think to yourself, "I want access to those resources behind the bartender." Well, that's what a reverse proxy is doing. You place a request, you order a drink, and the bartender, or the reverse proxy, has permission to go and get that resource for you on the back end. It has the logic of knowing which server is able to serve that web request.

And so what we're going to do today is share that reverse proxy out over your tailnet. We're going to put a CNAME into a public registrar pointing to the ts.net entry, which is your personal private DNS name given to your tailnet, so that it only resolves over your tailnet. You're not exposing any of this to the internet, and that's such a crucial difference between doing this with something like port forwarding or firewall rules or something like that. All of this remains completely offline. You know that we're not exposing any of this to the public internet. And so you, as the administrator of the Immich instance, your role here is to make sure that your reverse proxy is working, so in our case that's Caddy, and then you're going to need to put an entry into Cloudflare as a public DNS record. We'll come on to that in just a second.
So let's take a look at my Tailscale admin console over here. You can see that I've got a Caddy node in my tailnet. The actual Immich service is being served through this Ubuntu server down here at the bottom, but at the top here we've got Caddy as the reverse proxy, as another node on the tailnet. Now, I'm using Proxmox under the hood. You can do this however you like, but I'm going to use Proxmox to show you today. In here we can see that we have Caddy running, so if I type caddy, for example, it's installed. I have it installed as a systemd service, and there'll be links in the description down below to all of the resources if you want to do this in an LXC container using systemd to run Caddy as a service as well. Now, if I do a tailscale status inside this LXC container, you can see that it's just behaving like any other Tailscale node on my tailnet.

But what's interesting is if we take a look at the Caddyfile that I'm using. By the way, the Caddyfile is the way that we tell Caddy what we want to proxy where. So you can see here, for example, I've got three services that I'm proxying through my Caddy instance. First of all, we've got Immich running on one 192168 111013 on port 2283. The next one we've got is Audiobookshelf. This is a self-hosted audiobook app, and you can see that this one is actually running on the tailnet IP of the Ubuntu server as well. And then finally we've got Jellyfin, which is a self-hosted media server that doesn't need the cloud or anything like that, and all we're using there is the DNS name through Tailscale's MagicDNS feature of ubu ubu 2204 D server.

Now, I chose these three services in this way to show you the different way you could configure your Caddyfile: using a local LAN IP address, so this box could be something that's not even on your tailnet, for example, so long as it's routable from the Caddy instance itself. Audiobooks, for example, could be any node anywhere else on your tailnet, anywhere in the world, and again the same principle applies to
Jellyfin, because it's just using the Tailscale MagicDNS name.

Now, the other thing I wanted to draw your attention to is at the top of this file is this Cloudflare section here. This is how Caddy automatically generates the HTTPS, the TLS certificates for these self-hosted services. You can see when I do the import cloudflare here, it imports that Cloudflare token, and Caddy has some logic in it under the hood that knows, "Oh, he specified Cloudflare, that means I'm going to have to go and do the ACME request to go and generate the TLS certificates automatically for Cloudflare."

So what's required on the Tailscale side? OK, we need to make sure that it's a node on our tailnet. OK, so I'll do a tailscale status. I've already done tailscale login, just to save us a bit of time in the video.

Now, the next thing we're going to have to do is configure the public DNS side of this solution. We're going to need to know where our domain name's name servers are pointing. In my case, I've pointed my domain dotsandstuff.dev, I've pointed the name servers for that domain to Cloudflare, so that I can use Cloudflare as my public DNS entry to manage all of my DNS records. So once you've gone ahead and got logged into Cloudflare, it's going to be a case of heading over to the domain itself, and then on the left-hand side here you can see there's a DNS section just here, and then the entire thing is configured here in one entry. So I've got *.rdu as a wildcard entry pointing to caddy.velociraptor-noodlefish.ts.net. Now, you will get this value here, the target, which is required to create a CNAME, you'll get that by heading over to your Tailscale admin console, go to DNS, and whatever value is here, whatever value is in this box here under Tailnet name, in my case velociraptor-noodlefish.ts.net, that's the value that you want to put into here. This must be a fully qualified domain name. This is because when you share the node to another tailnet, it's not accessible by the short name, it's only accessible by the fully qualified domain name of caddy.whatever.ts.net. And with that done, click save, and you can verify this by opening a terminal window, so I'll just drag this one in from over here, and we'll do a dig, what did I, I mean, yeah, test.rdu.dotsandstuff.dev, and because this is a wildcard you should see that we return a CNAME here for caddy.[your tailnet name].ts.net. Doesn't have to be caddy, by the way, it just has to match the name of the node in your Tailscale admin console. So again, just to get that, we go over to the Tailscale admin console, click on the drop-down here, and whatever this second entry is here, this is the fully qualified domain name for the node itself.

All right, so that was a lot. Have we got it? First of all, we need to know what our fully qualified domain name is for Caddy, the node on your tailnet, so we get that in the admin console, click on the drop-down, second option over here. We then in Cloudflare need to make sure that the name servers for our domain, wherever we registered it, in my case I registered mine at Namecheap, but you know, other registrars are available, and I pointed my name servers for that domain to Cloudflare. Once I'd done that and everything had propagated properly, which can take a few hours by the way, I simply went and created a new record. You click the add record button over here, click on the drop-down, CNAME, you know, I can blah blah blah, whatever, put that in, and then my target here, for example, is, you know, test.velociraptor, that has to match the fully qualified domain name in your tailnet, remember. And then TTL, time to live, I mean, whilst I'm doing a bunch of testing for this video I set mine to one minute. If you leave yours to Auto you probably won't have any issues, so just leave that one alone. Click save, and then it might take a moment or two to propagate, but if I do, uh, what did I call it, I've already forgotten, blah blah blah, if I do blah blah blah, we should see that, yeah, there you go, the CNAME now resolves to test.velociraptor.

And so the next thing to do is to go ahead and share it with your relative. To do that, we head over to the Tailscale admin console once more, click on this button here which says share, next to the three-dot menu, and generate and copy an invite link. Once we've done that, you share this with your friend or relative. They can do this from a mobile device or a laptop, doesn't really matter, so long as it's logged into the tailnet that they created.

Now, in terms of the chronological order of this video, this is where things get a little confusing. I wanted to create a dedicated chapter so that you could share this with friends or family and say, "Hey, go to this timestamp and play from this moment forward." So I'm going to skip ahead, or skip back in time a little bit, go through the process of creating a brand new tailnet for your relative, and then once we get towards the end of that chapter, that's where this invite link part will actually get used.

Hello and welcome to the remote setup part of this video. I'm going to walk you through creating a brand new tailnet and connecting it to that remote service that your friend or relative is trying to share with you. Creating a Tailscale account is completely free. Head over to tailscale.com to get started. Once there, click on the button in the top right which says get started, and then you'll need to choose your identity provider. In today's video we're going to use Google. I've created a dedicated Google account just for this
video called my moms tailnet gmail.com, nice and straightforward. So I'm going to click on sign up with Google, and I'm already authenticated in this browser session with that Google account, so it presents me the choose an account option just here. I'm going to click on that one, click continue, and easy as that, we've created a Tailscale account.

So let's add our first device. I'm going to make it this laptop that we're using right here. Head over to tailscale docomo. Now, if you're on a mobile device, you will go to the app store for your device and search Tailscale and download the app there, but on a laptop, in this case it's macOS, we're actually going to go to the Mac App Store to download Tailscale. Click on the little get button, or the cloud icon if you've already done it with this Apple ID like I have here, download and install the application, click on open, and you will see up here in the menu bar we now have a new app. This is where we'll log in. So I'm going to go ahead and just check the toggle box here, which is going to turn Tailscale on, and then I'm going to click the login button. Now, we should be familiar with this page by now, but this is the sign in with Google. This is where we use the same Google account that we used to create the tailnet in the previous step. Once you click that button, we're going to be presented with a screen here which says, do you want to connect this device, this laptop, do you want to connect this device to your tailnet? And then once you click on the big blue button to say connect my device, it's going to take you to your admin console. This is where you will see all of the different devices on your tailnet, and this is the point where, if someone sent you an invite link, we'd now click on that invite link and add that shared node into this tailnet.

So I'm going to go and pretend to be the friend or relative that's sharing this service with you for just a second and generate an invite link. I go over to the share button here, generate and copy an invite
link. What you will see as the remote person is an invite link that looks something like this: login.tailscale.com/admin/invite and then a string of characters. When you put that into a web browser, or click on it on a mobile device, some magic will happen and we will ask you if you want to have this shared device added to your tailnet. I'm going to click on the button here which says accept invite, and when I do, you'll notice that inside your tailnet now, notice the tailnet name at the top here, my mom's tailnet gmail.com, you've now got two nodes. You've got your laptop and also the shared service that the other person's trying to share with you. What this means is, if they've given you a website to go to, so in my case here for this demo it's immich.rdu.dotsandstuff.dev, you can now access that service on any device that you're logged in with Tailscale. Remember, we logged in using the Tailscale app up here in the corner to my mom's tailnet, and now any service that that friend or relative has shared with you, you can now access on any device that you are logged in with Tailscale on.

Now I'm going to go ahead and get logged in with the username that the person has provided to me, which in this case is a tail and scales gmail.com, that's right, get logged in, and suddenly I can see my photos. And so this is the crux of the solution. I can now go ahead and, you know, create albums if I want to. This is an Immich-specific thing, not a Tailscale-specific thing, of course. I'm going to create an album called Canada 23, create a new shared album. And Immich has a bunch of users within it, for example, so if you want to go ahead and create a bunch of users for your friends and family, as the server admin you go into the administration section of Immich over here and just create a different user account within Immich for every user that you want to have their own, you know, view of the Immich application.

Now, earlier on in the video I also showed how we could use audiobooks and Jellyfin as
well, so whoever shared this service with you may have a few other things they want to share with you up their sleeve, and it should just be a case of going and typing in whatever URL they've given you. So in my case rdu.dotsandstuff.dev loads an audiobook server, for example, and then if I wanted to go ahead and load up Jellyfin, which is a self-hosted media server, again it's just dotsandstuff.dev, and you can see that we can share a whole bunch of self-hosted services using this method.

Now, what if we want to do this on a phone, for example? I want to access Immich from this iPhone right here. Well, I need to install Tailscale on that device. I don't need to accept the invite more than once, though, because once we accept the invite into our tailnet, because all the devices are connected together with direct connections as part of the tailnet grouping of devices, there's no need to accept the invite on each device. Just once per tailnet will suffice. Now, to download Tailscale on the iPhone, we go to the App Store and just search for Tailscale. Once we see it appear in the search results, we just click on the little cloud icon, or get, or open, and if you're on Google Play it'll be the same type of deal here. And then once the app is downloaded, let's click on open to open the Tailscale application. Now we're going to walk through the getting started wizard. I'm going to click on get started, yes, I understand about the privacy stuff, I'm going to allow notifications, and then click on install VPN configuration. This is so that Tailscale can manage the VPN configurations on this particular iPhone. The next thing we've got to do is actually get logged into the tailnet. Now I'm going to click on the login button, and again I'm going to use the Google authentication provider, using the same my moms tailnet gmail.com Google account that we created earlier in the video. Again I'm going to click on the big blue connect button to connect this device to my tailnet, and you can see we've got all of
our devices showing up right here, as well as the shared node that we accepted the invite for in the previous step on the laptop. Remember, you don't need to accept the invite more than once, just once per tailnet will suffice. And so now if I go to the Immich app on my phone and log in, you can see I've put the immich.rdu address in here. I'm going to log in with the username and password that whoever shared the service with me gave me, and just like that, over 5G, I'm able to connect to Immich on my phone. Remember, 5G means I can't possibly be in the same building and connecting to this thing, so I could be in England, I could be in Japan or America right now, it wouldn't matter. As long as I had internet connectivity, I could actually resolve this Immich service, and of course on my laptop as well I'm able to resolve Immich over Tailscale using the shared node technique with a custom domain that we just set up.

So this is a little taster of what you can do with Tailscale. Thank you so much for joining me on this little Choose Your Own Adventure with friends and family with Tailscale type video, and until next time, I've been Alex from Tailscale.
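
The dig check described in the captions, extended into a script (an added example, not from the video or from Tailscale): given dig-style answer lines, it confirms that the custom name is a CNAME to a fully qualified node name under ts.net and that any address returned for it lies in the ranges Tailscale assigns to tailnet nodes. The record names follow the ones spoken in the video; the addresses, sample records and function names are constructed for illustration.

```python
import ipaddress

# Address ranges Tailscale assigns to tailnet nodes (IPv4 CGNAT block and IPv6 ULA).
TAILNET_NETS = [ipaddress.ip_network("100.64.0.0/10"),
                ipaddress.ip_network("fd7a:115c:a1e0::/48")]

def parse_answers(dig_text):
    """Parse `dig +noall +answer` style lines into (name, type, value) tuples."""
    records = []
    for line in dig_text.splitlines():
        fields = line.split()
        if len(fields) >= 5 and not line.startswith(";"):
            name, _ttl, _cls, rtype, value = fields[:5]
            records.append((name.lower(), rtype.upper(), value.lower()))
    return records

def check_shared_name(dig_text, hostname):
    """Return a list of problems; an empty list means the record looks right."""
    records = parse_answers(dig_text)
    name = hostname.lower().rstrip(".") + "."
    cnames = [v for n, t, v in records if n == name and t == "CNAME"]
    if not cnames:
        return [f"{hostname}: no CNAME in the answer"]
    target = cnames[0]
    labels = target.rstrip(".").split(".")
    problems = []
    # A shared node is only reachable as node.tailnet-name.ts.net,
    # so the target needs at least four labels ending in ts.net.
    if labels[-2:] != ["ts", "net"]:
        problems.append(f"target {target} is not under ts.net")
    elif len(labels) < 4:
        problems.append(f"target {target} is missing the node name")
    # Any address returned for the target must be a tailnet address.
    for n, t, v in records:
        if n == target and t in ("A", "AAAA"):
            addr = ipaddress.ip_address(v)
            if not any(addr in net for net in TAILNET_NETS):
                problems.append(f"{target} resolves to non-tailnet address {v}")
    return problems

# Constructed sample answer, as seen from a device on the tailnet.
GOOD = """\
test.rdu.dotsandstuff.dev. 60 IN CNAME caddy.velociraptor-noodlefish.ts.net.
caddy.velociraptor-noodlefish.ts.net. 600 IN A 100.101.102.103
"""
# Constructed misconfigurations: tailnet name without the node, and a public target.
NO_NODE = "test.rdu.dotsandstuff.dev. 60 IN CNAME velociraptor-noodlefish.ts.net.\n"
PUBLIC = """\
test.rdu.dotsandstuff.dev. 60 IN CNAME caddy.example.net.
caddy.example.net. 300 IN A 203.0.113.10
"""

if __name__ == "__main__":
    for label, text in (("good", GOOD), ("no node", NO_NODE), ("public", PUBLIC)):
        print(label, check_shared_name(text, "test.rdu.dotsandstuff.dev") or "OK")
```
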
Info
Channel: Tailscale
Views: 53,424
Keywords: home server, home lab, reverse proxy, self hosted, immich, photo backup, share photos with friends, share photos with family, tailscale, remote access, vpn, self-hosting, port forwarding, firewall, nat traversal, audiobookshelf, jellyfin, caddy, lxc, proxmox, command line, home network, home network setup for beginners
Id: Vt4PDUXB_fg
Length: 18min 4sec (1084 seconds)
Published: Fri Mar 08 2024