"Sorry, I've spent far too long explaining where the tilde button is on the keyboard." Brilliant video and this line made my day :-) keep up the great videos Alex, love them.
Thanks for all the detail Alex. I love it. Other “explainer” videos often leave out crucial bits that leave more novice or intermediate learners stuck even after consulting a lot of other resources.
(Reposting as I realized the other video link is not unlisted.) Thanks for the video Alex. You don't go into much detail about the benefits of having this as a remote VPS / reverse proxy. Are there inherent security benefits of using a VPS + remote proxy vs. self-hosting Caddy and opening a port? I suspect opening the port isn't great but couldn't someone break into the VPS and, using Tailscale, get free rein of my home network?
A VPS means you can access the proxy from anywhere without worrying about network topologies or needing Tailscale installed on the client device. It also makes it really easy to proxy services across multiple sites and reduce reliance on bandwidth-constrained solutions like Tailscale's Funnel or Cloudflare's tunnels. For example, say that you're not on your home LAN and you want to hit that reverse proxy from a non-Tailscale client (for me this is commonly a relative's phone wanting to stream an audiobook from my self-hosted audiobookshelf instance), they need to be able to route those packets to Caddy somehow in order for the data to flow. You need to solve for your WAN IP changing (dynamic DNS), and open ports in your firewall. This is what I did for many years before Tailscale came along. But this solution removes all those pain points with the slight exception of needing to pay for a cloud VPS (but that can be useful for other things besides just this). HTH -Alex
Will this solution through VPC take on the limited transfer bandwidth? Or how is the direct connection made between a remote peer (which is not connected to Tailscale) browsing into the server through VPC?
Great video! What's the benefit of using a VPS, rather than just running Caddy on the same local network as Jellyfin? It kinda seems like an unnecessary middle man to me. Thanks again :)
Was literally about to ask this! Nice wizard work but it's not necessary. I've Traefik running in an LXC with Tailscale installed in there too. Works perfectly fine.
A VPS means you can access the proxy from anywhere without worrying about network topologies or needing Tailscale installed on the client device. It also makes it really easy to proxy services across multiple sites and reduce reliance on bandwidth-constrained solutions like Tailscale's Funnel or Cloudflare's tunnels. For example, say that you're not on your home LAN and you want to hit that reverse proxy from a non-Tailscale client (for me this is commonly a relative's phone wanting to stream an audiobook from my self-hosted audiobookshelf instance), they need to be able to route those packets to Caddy somehow in order for the data to flow. You need to solve for your WAN IP changing (dynamic DNS), and open ports in your firewall. This is what I did for many years before Tailscale came along. But this solution removes all those pain points with the slight exception of needing to pay for a cloud VPS (but that can be useful for other things besides just this). HTH -Alex
Not sure why people think opening a port to reverse proxy is secure. It's more secure than nothing. But a reverse proxy is not an impenetrable layer. A professional solution is just much safer.
For my family, the client is the price of entry. Only devices I authorise on Tailscale's admin console can access the container that contains the reverse proxy. As far as DNS goes, I simply have wildcards in Cloudflare pointing at the LAN IP address of the container, so I achieve 2 things: 1) URL resolution inside my LAN without the client and outside with the client installed; 2) I don't need to host the DNS myself either. No open ports, no care of what public IP address I have nor any care about unauthorised access, as I have approved only the devices that I want to have access. Having the VPS just allows anyone with the URL to access stuff inside my network. Unless of course you do what I did, but then there's no point in hosting it elsewhere and having to pay for it.
Same is true of things like Cloudflare tunnels too, they specifically have ToS terms which restrict things like video streaming. With this solution you have no such restrictions. -Alex
@Tailscale Does the funnel bandwidth limit appear if the funnel flag shows up on the client in the console even when the serve config has funnel set to false?
They are :) Bought them 10 years ago as a graduation gift to myself and haven’t ever felt the need to replace them. Paired with a 10” sub they more than fill my office with glorious noise. -Alex