Hello!
I have Jellyfin running locally on my linux pc, in a docker container but I also use Mullvad vpn. I’m still newish to linux but I can access jellyfin through my lan. I am at a total loss with how to remotely access it remotely and securely. I think I need to split tunnel jellyfin but I also run arr apps in other containers. Maybe gluetun? I cant find a guide that tells me for sure but it sounds like what I may need
I have been through several guides for different methods but I’m at a loss on what to do.
Can anyone point me in the right direction?
You must log in or register to comment.
So I’m pretty new to self hosting as well, but I use Tailscale. They also have the option of working with Mullvad, though I’m not 100% on how that works. Tailscale is a VPN itself, and it’s allowed me to access all of my self hosted stuff everywhere, including on my phone. It’s been really nice, though I understand people might not want to use corporate methods.
Gluetun to my knowledge, when I use it, is just for my qbittorrent stack to access my VPN.
If you don’t want to use something like Tailscale (there’s also a self hosted option called Headscale, and others like Zerotier and I think Netbird?) there’s opening ports and using reverse proxies. I would be really careful about that one, but hopefully I’ve given you some options to look into.
Probably what you’re looking for is the following setup:
docker <-> services <-> reverse proxy <-> VPN <-> Internet- Your next step is to chose a reverse proxy to handle your requests and serve your services on port
80and port443. There are several choice and you have to somehow stick with it, because each reverse proxy has it’s up and downsides and learning curve:
- Treafik (that’s the one I use and is specifically made for containers)
- Caddy (Never used it but heard only good things about it)
- Nginx (this one is a beast to tame, however I heard it’s easier to setup with nginx proxy manager)
Those are the 3 big players I’m aware of.
- You reverse proxy ready and functional you need something to access them outside your LAN. There are also several ways to achieve the same goal. The one I use and are happy with is to configure Wireguard on your server and only open the port needed to connect to it.
This is also a big part and probably this is the route of a tinkerer and have lot of personal time to spare… There are easier AIO routes that will probably save you time and energy. (Others will point you to the right direction)
- Bonus tip
You will rapidly understand the necessity of DNS. Reaching out to your services by IP:PORT will annoy you over time, even if you save them as bookmarks. Also if you don’t assign a static IP to your containers they will change every time you restart them or reboot your server. Not very practical !!
Here you have 2 choices:
- personal mini certificate authority (totally free and personal local domains but harder to setup)
- cheap domain name with automatic certificate generation.
I personally chose the tinkerer route and learning process. But I have time to spare and while I prefer this route… It’s very time consuming and involves a lot of web crawling and books reading.
If you are interested I can recommend you a good ebook on how to setup your own mini-CA :).
Hope it helps, you are halfway through !
- Your next step is to chose a reverse proxy to handle your requests and serve your services on port
Easiest? Tailscale., set it up on the server and each client you want to access it and it creates auto-resolving P2P VPN tunnels between them all.